PT-2019-9285 · Creatiwity · Creatiwity Witycms

Twohub

Publicado

2019-06-20

Atualizado

2019-06-21

CVE-2018-16251

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Creatiwity wityCMS version 0.6.2

Description A search for user discovery injection issue exists, allowing unfiltered input parameters. Specifically, the issue is accessible via the "Utilisateur" menu, affecting parameters such as Nickname, email, firstname, lastname, and groupe in the /admin/user/users endpoint.

Recommendations For Creatiwity wityCMS version 0.6.2, consider restricting access to the /admin/user/users endpoint until a fix is available, and ensure that all input parameters, including Nickname, email, firstname, lastname, and groupe, are properly filtered to prevent injection.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2018-16251

Produtos afetados

Creatiwity Witycms

PT-2019-9285 · Creatiwity · Creatiwity Witycms

CVE-2018-16251

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3