PT-2018-15438 · Ivan Cordoba · Ivan Cordoba Generic Content Management System

Manas Bellani

Published

2018-12-28

Updated

2019-01-28

CVE-2018-20568

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ivan Cordoba Generic Content Management System (CMS) versions prior to 2018-04-28

Description The issue allows for SQL injection, which can be used for authentication bypass. This means an attacker could potentially gain unauthorized access to the system without proper credentials.

Recommendations For versions prior to 2018-04-28, update to a version released after 2018-04-28 to resolve the issue.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2018-20568

Affected Products

Ivan Cordoba Generic Content Management System

PT-2018-15438 · Ivan Cordoba · Ivan Cordoba Generic Content Management System

CVE-2018-20568

Weakness Enumeration

Related Identifiers

Affected Products

References · 3