PT-2023-11804 · Unknown · Tailoring Management System

Abdallah Fouad

Publicado

2023-04-06

Atualizado

2026-02-03

CVE-2020-36074

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tailor Mangement System version 1

Description A SQL injection issue allows a remote attacker to execute arbitrary code via the title parameter. This enables the attacker to potentially access or modify sensitive data.

Recommendations For Tailor Mangement System version 1, consider restricting access to the title parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the title parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125CWE-89

Identificadores relacionados

CVE-2020-36074

Produtos afetados

Tailoring Management System

PT-2023-11804 · Unknown · Tailoring Management System

CVE-2020-36074

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6