PT-2017-14923 · Readymade · Readymade Video Sharing Script

Ihsan Sencan

Published

2017-12-13

Updated

2017-12-26

CVE-2017-17627

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Readymade Video Sharing Script version 3.2

Description The issue concerns a SQL Injection vulnerability. It occurs via the report videos array parameter in the "single-video-detail.php" API endpoint.

Recommendations For Readymade Video Sharing Script version 3.2, consider restricting access to the report videos array parameter in the "single-video-detail.php" endpoint until a patch is available. Avoid using the report videos parameter in the affected endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2017-17627

Affected Products

Readymade Video Sharing Script

PT-2017-14923 · Readymade · Readymade Video Sharing Script

CVE-2017-17627

Weakness Enumeration

Related Identifiers

Affected Products

References · 4