PT-2019-18082 · Cleanto · Cleanto

Publicado

2019-01-15

Atualizado

2019-01-18

CVE-2019-6295

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cleanto version 5.0

Description The issue is related to SQL Injection via the service id parameter in the "assets/lib/service method ajax.php" API endpoint.

Recommendations For Cleanto version 5.0, avoid using the service id parameter in the affected API endpoint until the issue is resolved.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

CVE-2019-6295

Cleanto