PT-2018-10234 · Etere · Etereweb
Dion Bellemare
·
Published
2018-06-17
·
Updated
2018-08-14
·
CVE-2018-10997
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Etere EtereWeb versions prior to 28.1.20
Description
The issue is related to a pre-authentication blind SQL injection. This occurs in the POST parameters
txUserName and txPassword.Recommendations
For versions prior to 28.1.20, update to version 28.1.20 or later to resolve the issue.
Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Etereweb