PT-2023-10332 · Forumhulp · Forumhulp
Leinad4Mind
Published: 2023-01-07 · Updated: 2024-05-17
CVE-2016-15013
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ForumHulp (affected versions not specified)
Description
A critical issue was found in ForumHulp searchresults, affecting the list keywords function of the file event/listener.php. The manipulation of the word argument leads to SQL injection.
Recommendations
Apply a patch to fix this issue. The patch name is dd8a312bb285ad9735a8e1da58e9e955837b7322. As a temporary workaround, consider disabling the list keywords function until a patch is available. Restrict access to the event/listener.php file to minimize the risk of exploitation. Avoid using the word argument in the affected function until the issue is resolved.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Forumhulp