PT-2019-8010 · Orpak · Orpak Siteomat
Published: 2019-06-03 · Updated: 2019-06-04 · CVE-2017-14851
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Orpak SiteOmat versions prior to 2017-09-25
Description
A SQL injection issue exists in the login page of the affected software, specifically in the authentication validation process, which contains an insecure SELECT query. This allows for authentication bypass.
Recommendations
For Orpak SiteOmat versions prior to 2017-09-25, consider updating to a version released after 2017-09-25 to resolve the issue. As a temporary workaround, restrict access to the login page to minimize the risk of exploitation.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Orpak Siteomat