PT-2018-14664 · Unknown · Curriculum Evaluation System

Ihsan Sencan

Published

2018-11-16

Updated

2018-12-17

CVE-2018-18803

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Curriculum Evaluation System version 1.0

Description The issue allows SQL Injection via the login screen. It is related to the files frmCourse.vb and includes/user.vb.

Recommendations For Curriculum Evaluation System version 1.0, consider restricting access to the login screen until a patch is available. As a temporary workaround, review and modify the code in frmCourse.vb and includes/user.vb to prevent SQL Injection attacks. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2018-18803

Affected Products

Curriculum Evaluation System

PT-2018-14664 · Unknown · Curriculum Evaluation System

CVE-2018-18803

Weakness Enumeration

Related Identifiers

Affected Products

References · 4