PT-2010-1538 · Unknown · Questions Answered
Snakespc
·
Publicado
2010-03-18
·
Atualizado
2017-09-19
·
CVE-2009-4728
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Questions Answered version 1.3
Description
A SQL injection issue exists in the administrative interface, allowing remote attackers to execute arbitrary SQL commands via the
username parameter.Recommendations
For version 1.3, consider restricting access to the administrative interface until a fix is available, and avoid using the
username parameter in sensitive operations to minimize the risk of exploitation.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Questions Answered