CVE-2019-5488

Name of the Vulnerable Software and Affected Versions EARCLINK ESPCMS-P8

Description The issue concerns a SQL injection in the install pack/index.php ac=Member&at=verifyAccount endpoint, specifically in the verify key parameter. This could potentially allow an attacker to retrieve sensitive information from the ESPCMS database through the espcms db.php file.

Recommendations For EARCLINK ESPCMS-P8, consider restricting access to the install pack/index.php endpoint, specifically the ac=Member&at=verifyAccount section, to minimize the risk of exploitation. Avoid using the verify key parameter in this endpoint until the issue is resolved.