PT-2012-5035 · Myclientbase · Myclientbase

Benjamin Kunz Mejri

Publicado

2012-07-03

Atualizado

2017-08-29

CVE-2012-3839

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions MyClientBase version 0.12

Description The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved via the invoice number or tags parameter to the "index.php/invoice search" endpoint.

Recommendations For MyClientBase version 0.12, consider restricting access to the "index.php/invoice search" endpoint until a patch is available. As a temporary workaround, avoid using the invoice number and tags parameters in this endpoint to minimize the risk of exploitation.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2012-3839

Produtos afetados

Myclientbase

PT-2012-5035 · Myclientbase · Myclientbase

CVE-2012-3839

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8