PT-2018-11509 · Softexpert · Softexpert Excellence Suite

Publicado

2018-07-09

Atualizado

2018-09-05

CVE-2018-12977

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SoftExpert Excellence Suite version 2.0

Description A SQL injection issue allows remote authenticated users to perform SQL heuristics by pulling information from the database. This is achieved by manipulating the cddocument parameter in the "Downloading Electronic Documents" section.

Recommendations For SoftExpert Excellence Suite version 2.0, avoid using the cddocument parameter in the "Downloading Electronic Documents" section until a fix is available. As a temporary workaround, consider restricting access to the "Downloading Electronic Documents" section to minimize the risk of exploitation.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2018-12977

Produtos afetados

Softexpert Excellence Suite

PT-2018-11509 · Softexpert · Softexpert Excellence Suite

CVE-2018-12977

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3