PT-2018-14335 · Wikidforum · Wikidforum

Published

2018-10-09

Updated

2018-11-21

CVE-2018-18075

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WikidForum version 2.20

Description The issue concerns SQL Injection, which can be exploited through specific parameters in the software. The vulnerable parameters include parent post id and num records in the 'rpc.php' endpoint, as well as the select sort parameter in the 'index.php?action=search' endpoint.

Recommendations For WikidForum version 2.20, consider restricting access to the rpc.php and index.php endpoints until a patch is available. As a temporary workaround, avoid using the parent post id, num records, and select sort parameters in the affected endpoints to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2018-18075

Affected Products

Wikidforum

PT-2018-14335 · Wikidforum · Wikidforum

CVE-2018-18075

Weakness Enumeration

Related Identifiers

Affected Products

References · 4