PT-2013-5953 · Project'Or · Project'Or Ria

Vicente Aguilera Diaz

Published

2013-11-14

Updated

2017-08-29

CVE-2013-6164

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Project'Or RIA version 3.4.0

Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the objectId parameter in the view/objectDetail.php file.

Recommendations For Project'Or RIA version 3.4.0, consider restricting access to the view/objectDetail.php file until a patch is available, and avoid using the objectId parameter in this context to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2013-6164

Affected Products

Project'Or Ria

PT-2013-5953 · Project'Or · Project'Or Ria

CVE-2013-6164

Weakness Enumeration

Related Identifiers

Affected Products

References · 11