PT-2019-18525 · Css Tricks · Css-Tricks Chat2

Eddie Tc Chang

Published

2019-02-04

Updated

2020-10-07

CVE-2019-7316

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CSS-TRICKS Chat2 versions through 2015-05-05

Description An issue was discovered in the software, where the userid parameter in the "jumpin.php" endpoint has a SQL injection issue.

Recommendations For CSS-TRICKS Chat2 versions through 2015-05-05, avoid using the userid parameter in the "jumpin.php" endpoint until the issue is resolved. Consider restricting access to the "jumpin.php" endpoint to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2019-7316

Affected Products

Css-Tricks Chat2

PT-2019-18525 · Css Tricks · Css-Tricks Chat2

CVE-2019-7316

Weakness Enumeration

Related Identifiers

Affected Products

References · 5