CVE-2018-19654

Name of the Vulnerable Software and Affected Versions Sales & Company Management System (SCMS) versions prior to 2018-06-06

Description The issue arises from a discrepancy in username checking between two components, one performing string validation and the other querying a MySQL database. This discrepancy allows for the registration of a new account with a duplicate username, as shown by using the test%c2 string when a test account already exists.

Recommendations For Sales & Company Management System (SCMS) versions prior to 2018-06-06, consider implementing additional validation to ensure username uniqueness before allowing new account registrations. As a temporary workaround, restrict access to the account registration feature to minimize the risk of exploitation.