PT-2023-28816 · Unknown · Tianchoy/Blog
Chiaki2333
·
Publicado
2023-09-26
·
Atualizado
2023-09-29
·
CVE-2023-43381
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Tianchoy Blog version 1.8.8
Description
A SQL Injection issue allows a remote attacker to obtain sensitive information via the
id parameter in the "login.php" API endpoint.Recommendations
For Tianchoy Blog version 1.8.8, avoid using the
id parameter in the "login.php" endpoint until the issue is resolved. Consider temporarily restricting access to the login functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Tianchoy/Blog