CVE-2019-14254

Name of the Vulnerable Software and Affected Versions Publisure version 2.1.2

Description An issue in the secure portal of Publisure allows for SQL injections due to poorly sanitized SQL queries in the userAccFunctions.php file. This enables an attacker to access passwords and potentially grant access to the user account, escalating privileges to become an Administrator.

Recommendations For Publisure version 2.1.2, consider temporarily disabling the userAccFunctions.php file or restricting its use until a patch is available to prevent SQL injection attacks. Additionally, ensure that all SQL queries are properly sanitized to prevent such injections. At the moment, there is no information about a newer version that contains a fix for this vulnerability.