PT-2019-12063 · Unknown · Form Maker

Publicado

2019-05-23

Atualizado

2019-08-03

CVE-2019-10866

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Form Maker plugin versions prior to 1.13.3

Description The issue allows for SQL injection in the get labels parameters function, located in the form-maker/admin/models/Submissions fm.php file, by providing a crafted value for the /models/Submissioc parameter.

Recommendations For versions prior to 1.13.3, update to version 1.13.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the get labels parameters function in the Submissions fm.php file until the update is applied.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2019-10866

Produtos afetados

Form Maker

PT-2019-12063 · Unknown · Form Maker

CVE-2019-10866

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6