PT-2019-9538 · Layerbb · Layerbb
Yaoyao6688
·
Publicado
2019-03-07
·
Atualizado
2022-04-19
·
CVE-2018-17988
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
LayerBB versions 1.1.1 through 1.1.3
Description
The issue is related to SQL Injection via the "search.php" API endpoint, specifically through the
search query parameter. This allows for potential exploitation.Recommendations
For versions 1.1.1 and 1.1.3, avoid using the
search query parameter in the "search.php" endpoint until a fix is available.
As a temporary workaround, consider restricting access to the "search.php" endpoint to minimize the risk of exploitation.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Layerbb