PT-2018-16930 · Dbox · Dbox 3D Slider Lite

Publicado

2018-01-12

Atualizado

2018-01-24

CVE-2018-5374

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dbox 3D Slider Lite plugin versions prior to 1.2.3

Description The issue concerns SQL Injection via the settings/sliders.php endpoint, specifically the current slider id parameter.

Recommendations For Dbox 3D Slider Lite plugin versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings/sliders.php endpoint to minimize the risk of exploitation. Avoid using the current slider id parameter in the affected endpoint until the issue is resolved.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2018-5374

Produtos afetados

Dbox 3D Slider Lite

PT-2018-16930 · Dbox · Dbox 3D Slider Lite

CVE-2018-5374

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3