PT-2017-14896 · Unknown · Basic B2B Script

Ihsan Sencan

Published

2017-12-13

Updated

2017-12-22

CVE-2017-17600

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Basic B2B Script version 2.0.8

Description The issue is related to SQL Injection, which occurs via the id parameter in the "product details.php" API endpoint.

Recommendations For Basic B2B Script version 2.0.8, consider restricting access to the product details.php endpoint or avoiding the use of the id parameter until a fix is available. As a temporary workaround, validate and sanitize all user input to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2017-17600

Affected Products

Basic B2B Script

PT-2017-14896 · Unknown · Basic B2B Script

CVE-2017-17600

Weakness Enumeration

Related Identifiers

Affected Products

References · 4