PT-2019-13902 · Imcat · Imcat
Kernelcop
·
Published
2019-08-12
·
Updated
2019-08-15
·
CVE-2019-14968
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
imcat version 4.9
Description
An issue was discovered that allows SQL Injection via the "order" parameter in the "index.php" endpoint, specifically when the "mod" parameter is set to "faqs".
Recommendations
For imcat version 4.9, consider restricting access to the vulnerable
index.php endpoint with mod=faqs action until a patch is available. Avoid using the order parameter in this endpoint to minimize the risk of exploitation.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Imcat