PT-2018-14751 · Nuuo · Nuuo Cms
Pedro Ribeiro
·
Published
2018-11-27
·
Updated
2019-10-09
·
CVE-2018-18982
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
NUUO CMS versions 3.3 and prior
Description
The web server application in NUUO CMS allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution.
Recommendations
For versions 3.3 and prior, update to a version later than 3.3 to resolve the issue. If no newer version is available, consider restricting access to the web server application to minimize the risk of exploitation.
Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nuuo Cms