PT-2018-15438 · Ivan Cordoba · Ivan Cordoba Generic Content Management System

Manas Bellani

Publicado

2018-12-28

Atualizado

2019-01-28

CVE-2018-20568

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ivan Cordoba Generic Content Management System (CMS) versions prior to 2018-04-28

Description The issue allows for SQL injection, which can be used for authentication bypass. This means an attacker could potentially gain unauthorized access to the system without proper credentials.

Recommendations For versions prior to 2018-04-28, update to a version released after 2018-04-28 to resolve the issue.

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2018-20568

Produtos afetados

Ivan Cordoba Generic Content Management System

PT-2018-15438 · Ivan Cordoba · Ivan Cordoba Generic Content Management System

CVE-2018-20568

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3