PT-2019-8545 · Kama · Kama-Clic-Counter

Manuel García Cárdenas · Published 2019-09-13 · Updated 2019-09-16 · CVE-2017-18614

CVSS v2.0
9.3 High
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
kama-clic-counter plugin version 3.4.9

Description
The issue concerns SQL injection via the order parameter in the "admin.php" endpoint. This allows for potential exploitation by injecting malicious SQL code.

Recommendations
For kama-clic-counter plugin version 3.4.9, avoid using the order parameter in the "admin.php" endpoint until a fix is available. Consider temporarily restricting access to the admin.php endpoint to minimize the risk of exploitation.

Exploit · Fix · SQL injection

Weakness Enumeration

Related Identifiers
CVE-2017-18614

Affected Products
Kama-Clic-Counter