PT-2018-5304 · Zte · Zxcdn-Sns

Published

2018-07-25

Updated

2018-09-20

CVE-2017-10936

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions ZTE ZXCDN-SNS versions prior to V4.01.01

Description The issue allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information.

Recommendations For versions prior to V4.01.01, update to version V4.01.01 or later to resolve the issue. As a temporary workaround, consider restricting access to the aoData parameter to minimize the risk of exploitation.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2017-10936

Affected Products

Zxcdn-Sns

PT-2018-5304 · Zte · Zxcdn-Sns

CVE-2017-10936

Weakness Enumeration

Related Identifiers

Affected Products

References · 3