PT-2026-3042 · Kmaleon · Kmaleon
Amel Bouziane-Leblond
Published: 2026-01-15 · Updated: 2026-01-15
CVE-2021-47766
CVSS v3.1: 7.1 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Kmaleon version 1.1.0.205
Description
Kmaleon version 1.1.0.205 contains an authenticated SQL injection flaw in the tipocomb parameter of the 'kmaleonW.php' file. This allows attackers to manipulate database queries. Exploitation is possible using boolean-based, error-based, and time-based blind SQL injection techniques, potentially leading to the extraction or manipulation of database information. The vulnerable parameter is tipocomb within the 'kmaleonW.php' file.
Recommendations
Apply updates to address the SQL injection flaw in the 'kmaleonW.php' file and the tipocomb parameter.
Exploit
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Kmaleon