PT-2017-14716 · Techno · Techno - Portfolio Management Panel

Ihsan Sencan · Published 2017-12-11 · Updated 2020-09-30 · CVE-2017-17110

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Techno Portfolio Management Panel version 1.0

Description

The issue allows an attacker to inject SQL commands via a "single.php?id=" request. This could potentially lead to unauthorized access or manipulation of data.

Recommendations

For Techno Portfolio Management Panel version 1.0, consider validating and sanitizing user input for the id parameter in the "single.php" endpoint to prevent SQL injection attacks. As a temporary workaround, restrict access to the "single.php" endpoint until a proper fix is implemented.
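
One way to apply the recommendation for the id parameter is sketched below. This is an added example, not code from Techno Portfolio Management Panel or from the advisory. The `portfolio` table, its columns, the function names and the in-memory SQLite database are assumptions made so the sketch runs on its own.

```php
<?php
declare(strict_types=1);

// Hypothetical schema standing in for the panel's real tables (assumption).
function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // With pdo_mysql, also set PDO::ATTR_EMULATE_PREPARES to false so the
    // statement is prepared on the server.
    $db->exec('CREATE TABLE portfolio (id INTEGER PRIMARY KEY, title TEXT)');
    $db->exec("INSERT INTO portfolio (id, title) VALUES (1, 'Constructed item')");
    return $db;
}

/**
 * Returns [HTTP status, row or null] for the raw id value from the query string.
 * In single.php this would be called as fetch_item($db, $_GET['id'] ?? null).
 */
function fetch_item(PDO $db, $rawId): array
{
    // Validation: the value must parse as an integer >= 1. Missing values,
    // arrays (?id[]=1) and strings with trailing SQL all yield false here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, null];
    }

    // Parameterization: the id is bound as data and never concatenated
    // into the SQL text, so it cannot change the query structure.
    $stmt = $db->prepare('SELECT id, title FROM portfolio WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row === false ? [404, null] : [200, $row];
}

// Constructed inputs: one valid id, one unknown id, three malformed values.
$db = make_demo_db();
foreach (['1', '2', "1'", '1 OR 1=1', ['1']] as $raw) {
    [$status, $row] = fetch_item($db, $raw);
    printf("%-12s -> %d %s\n", json_encode($raw), $status, $row['title'] ?? '');
}
```

Rejecting malformed ids with a 400 before the query runs also gives a clean signal to log and alert on.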

Exploit

Fix

SQL injection


Weakness Enumeration

Related identifiers

CVE-2017-17110

Affected products

Techno - Portfolio Management Panel