PT-2017-14323 · Pg · Pg All Share Video

Ihsan Sencan

Published

2017-10-29

Updated

2017-11-16

CVE-2017-15969

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PG All Share Video version 1.0

Description The issue allows SQL Injection via the PATH INFO to various endpoints, including "search/tag", "friends/index", "users/profile", or "video catalog/category".

Recommendations For PG All Share Video version 1.0, consider restricting access to the mentioned endpoints as a temporary workaround until a patch is available. Avoid using user-supplied input in SQL queries for these endpoints.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2017-15969

Affected Products

Pg All Share Video

PT-2017-14323 · Pg · Pg All Share Video

CVE-2017-15969

Weakness Enumeration

Related Identifiers

Affected Products

References · 4