PT-2018-16939 · Navarino · Navarino Infinity

Vangelis Stykas

Published

2018-07-24

Updated

2019-10-09

CVE-2018-5386

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Navarino Infinity versions prior to 2.3

Description The issue allows certain Navarino Infinity functions, when placed in the URL, to bypass authentication mechanisms. This can lead to an information leak.

Recommendations For versions prior to 2.3, update to version 2.3 or later to resolve the issue.

Exploit

Fix

Authentication Bypass Using an Alternate Path or Channel

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-288CWE-200

Related Identifiers

CVE-2018-5386

Affected Products

Navarino Infinity

PT-2018-16939 · Navarino · Navarino Infinity

CVE-2018-5386

Weakness Enumeration

Related Identifiers

Affected Products

References · 7