PT-2017-14929 · Unknown · Multiplex Movie Theater Booking Script

Ihsan Sencan

Publicado

2017-12-13

Atualizado

2017-12-29

CVE-2017-17633

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Multiplex Movie Theater Booking Script version 3.1.5

Description The issue concerns SQL Injection via specific parameters in certain PHP files. The vulnerable parameters are moid in trailer-detail.php and show-time.php, and eid in event-detail.php.

Recommendations For Multiplex Movie Theater Booking Script version 3.1.5, consider restricting access to the trailer-detail.php, show-time.php, and event-detail.php files until a patch is available, and avoid using the moid and eid parameters in these files to minimize the risk of exploitation.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2017-17633

Produtos afetados

Multiplex Movie Theater Booking Script

PT-2017-14929 · Unknown · Multiplex Movie Theater Booking Script

CVE-2017-17633

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4