PT-2017-14716 · Techno · Techno - Portfolio Management Panel

Ihsan Sencan · Published 2017-12-11 · Updated 2020-09-30 · CVE-2017-17110

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Techno Portfolio Management Panel version 1.0

Description

The issue allows an attacker to inject SQL commands via a "single.php?id=" request. This could potentially lead to unauthorized access or manipulation of data.

Recommendations

For Techno Portfolio Management Panel version 1.0, consider validating and sanitizing user input for the id parameter in the "single.php" endpoint to prevent SQL injection attacks. As a temporary workaround, restrict access to the "single.php" endpoint until a proper fix is implemented.
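
One way to apply the recommendation for the id parameter, shown as an added example that is not the vendor's code and not part of this advisory: strict validation of the value followed by a bound-parameter query. The table and column names, the function names and the in-memory SQLite database are assumptions chosen so the script runs offline (PHP 8 with pdo_sqlite).

```php
<?php
declare(strict_types=1);

/** Accept only a canonical positive decimal integer; everything else is rejected. */
function parse_id(mixed $raw): ?int
{
    // Arrays (?id[]=1), signs, spaces, leading zeros and SQL fragments all fail here.
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,9}\z/', $raw)) {
        return null;
    }
    $id = (int) $raw;
    return $id <= 2147483647 ? $id : null;
}

/** Look the row up with a bound parameter, so the value never becomes SQL text. */
function fetch_item(PDO $db, int $id): ?array
{
    // Hypothetical schema: portfolio(id, title).
    $stmt = $db->prepare('SELECT id, title FROM portfolio WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Returns [HTTP status, body] for a raw value as it would arrive in $_GET['id']. */
function handle_request(PDO $db, mixed $raw): array
{
    $id = parse_id($raw);
    if ($id === null) {
        return [400, 'Bad request'];   // no database error details are echoed back
    }
    $row = fetch_item($db, $id);
    if ($row === null) {
        return [404, 'Not found'];
    }
    return [200, htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8')];
}

// Constructed sample data so the example is self-contained.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE portfolio (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO portfolio (id, title) VALUES (1, 'Sample <project>')");

// Constructed inputs: one valid id, one unknown id, and malformed values.
foreach (['1', '2', '01', '-1', '1 OR 1=1', ['1']] as $raw) {
    [$status, $body] = handle_request($db, $raw);
    printf("%-12s => %d %s\n", json_encode($raw), $status, $body);
}
```

Validation and parameter binding are applied together: the first rejects malformed requests early, the second keeps the query safe even if the validation rule is later loosened.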

Exploit

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2017-17110

Affected Products

Techno - Portfolio Management Panel