PT-2018-14447 · Lango · Lango Codeigniter Multilingual Script

Ismail Tasdelen

Publicado

2018-10-19

Atualizado

2018-12-04

CVE-2018-18416

CVSS v3.1

4.8

Média

Vetor

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions LANGO Codeigniter Multilingual Script version 1.0

Description The issue concerns a security problem where an attacker can inject malicious code. Specifically, the site name parameter in the "admin/settings/update" API endpoint is vulnerable. This could potentially allow for malicious actions.

Recommendations For LANGO Codeigniter Multilingual Script version 1.0, as a temporary workaround, consider restricting access to the "admin/settings/update" API endpoint until a patch is available. Avoid using the site name parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2018-18416

Produtos afetados

Lango Codeigniter Multilingual Script

PT-2018-14447 · Lango · Lango Codeigniter Multilingual Script

CVE-2018-18416

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4