PT-2019-9460 · Twilio · Twilio Web To Fax Machine System
Published: 2019-06-19 · Updated: 2019-06-20 · CVE-2018-17388
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Twilio WEB To Fax Machine System version 1.0
Description
The issue exists due to SQL Injection in the Twilio WEB To Fax Machine System. This can be exploited via the email or password parameter to "login check.php", or the id parameter to "add email.php" or "edit content.php".
Recommendations
For Twilio WEB To Fax Machine System version 1.0, consider validating and sanitizing user input for the email, password, and id parameters to prevent SQL Injection attacks. As a temporary workaround, restrict access to "login check.php", "add email.php", and "edit content.php" to minimize the risk of exploitation.
Exploit
Fix
SQL injection
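The recommendation above, sketched as an added example (not code from the affected product or from this advisory): the email and password values go through a prepared statement and a hash comparison, and the id value is accepted only as a positive integer before being bound. The table and column names, the sample rows, the function names, and the use of password_hash() for stored passwords are all assumptions.

```php
<?php
declare(strict_types=1);
// Added example: schema, names and sample rows are constructed. In-memory
// SQLite stands in for the application's database (needs pdo_sqlite, PHP 8+).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
$pdo->exec('CREATE TABLE content (id INTEGER PRIMARY KEY, body TEXT)');
$pdo->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)')
    ->execute(['ops@example.test', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);
$pdo->exec("INSERT INTO content (id, body) VALUES (1, 'cover sheet')");

// Login check: the email is bound as a parameter and the password is compared
// in PHP against the stored hash, so neither value becomes part of the SQL text.
function checkLogin(PDO $pdo, string $email, string $password): ?int
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null; // reject malformed addresses before touching the database
    }
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// id parameter: accept only a positive integer; anything else yields null.
function parseId(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function loadContent(PDO $pdo, mixed $rawId): ?array
{
    $id = parseId($rawId);
    if ($id === null) {
        return null; // caller should answer with HTTP 400
    }
    $stmt = $pdo->prepare('SELECT id, body FROM content WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT); // bound with an explicit integer type
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a valid login, a wrong password, a valid id, a non-integer id.
var_dump(checkLogin($pdo, 'ops@example.test', 'constructed-sample-pw'));
var_dump(checkLogin($pdo, 'ops@example.test', 'wrong-password'));
var_dump(loadContent($pdo, '1'));
var_dump(loadContent($pdo, '1abc'));
```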
Weakness Enumeration
Related Identifiers
Affected Products
Twilio Web To Fax Machine System