PT-2017-15121 · Cells · Cells Blog
Publicado
2017-12-28
·
Atualizado
2018-04-13
·
CVE-2017-17950
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cells Blog version 3.5
Description
The issue is related to SQL Injection, which can be exploited via the
ptid parameter in the "pub readpost.php" endpoint.Recommendations
For Cells Blog version 3.5, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the
ptid parameter in the "pub readpost.php" endpoint until a patch is available.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cells Blog