PT-2019-18658 · Waimai · Waimai Super Cms

Stefanowen · Published 2019-02-07 · Updated 2019-02-08 · CVE-2019-7585

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Waimai Super Cms version 20150505

Description

An issue was discovered that allows time-based SQL injection. The /index.php?m=public&a=checkemail URI is vulnerable via the param array parameter in the web/Lib/Action/PublicAction.class.php file.

Recommendations

For Waimai Super Cms version 20150505, consider restricting access to the /index.php?m=public&a=checkemail URI until a patch is available. As a temporary workaround, avoid using the param array parameter in the PublicAction.class.php file to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2019-7585

Affected Products

Waimai Super Cms