PT-2018-12602 · Cwjoomla · Cw Article Attachments Free+1

Publicado

2018-09-20

Atualizado

2018-11-09

CVE-2018-14592

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CWJoomla CW Article Attachments PRO extension versions prior to 2.0.7 CW Article Attachments FREE extension versions prior to 1.0.6

Description The issue allows SQL Injection within the "download.php" endpoint. This could potentially lead to unauthorized access to sensitive data.

Recommendations For CWJoomla CW Article Attachments PRO extension versions prior to 2.0.7, update to version 2.0.7 or later. For CW Article Attachments FREE extension versions prior to 1.0.6, update to version 1.0.6 or later.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2018-14592

Produtos afetados

Cw Article Attachments Free

Cw Article Attachments Pro

PT-2018-12602 · Cwjoomla · Cw Article Attachments Free+1

CVE-2018-14592

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4