PT-2018-15004 · Cuppacms · Cuppacms

Darkrerror · Published 2018-11-26 · Updated 2018-12-18 · CVE-2018-19559

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: CuppaCMS versions prior to 2018-11-12

Description: The issue is related to SQL Injection. It affects the administrator/classes/ajax/functions.php file via the reference id parameter.

Recommendations: For versions prior to 2018-11-12, update to a version released after 2018-11-12 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable functions.php file or avoiding the use of the reference id parameter in the affected endpoint until the issue is resolved.

Exploit

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2018-19559

Affected Products

Cuppacms