PT-2019-8880 · Elite · Elite Cms Pro

Manthatyoufear

Published

2019-07-03

Updated

2019-07-05

CVE-2018-12250

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Elite CMS Pro version 2.01

Description An issue was discovered in the software, where the page parameter in the /admin/add sidebar.php API endpoint is vulnerable to SQL injection.

Recommendations For Elite CMS Pro version 2.01, consider restricting access to the /admin/add sidebar.php API endpoint until a patch is available, and avoid using the page parameter to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2018-12250

Affected Products

Elite Cms Pro

PT-2019-8880 · Elite · Elite Cms Pro

CVE-2018-12250

Weakness Enumeration

Related Identifiers

Affected Products

References · 4