PT-2019-18638 · Sidu · Sidu

Eddie Tc Chang

Published

2019-02-06

Updated

2019-02-07

CVE-2019-7546

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SIDU version 6.0

Description A reflected Cross-site Scripting (XSS) issue was found. The dbs parameter of the 'conn.php' page is vulnerable.

Recommendations For SIDU version 6.0, update the conn.php page to properly sanitize the dbs parameter to prevent XSS attacks. As a temporary workaround, consider restricting access to the conn.php page until a patch is available.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-7546

Affected Products

Sidu

PT-2019-18638 · Sidu · Sidu

CVE-2019-7546

Weakness Enumeration

Related Identifiers

Affected Products

References · 3