PT-2020-10390 · Php Scripts Mall · Advanced-Real-Estate-Script

Published

2020-01-05

Updated

2020-01-09

CVE-2019-20337

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PHP Scripts Mall advanced-real-estate-script version 4.0.9

Description The issue concerns a SQL Injection vulnerability. Specifically, the news id parameter in the news edit.php script is vulnerable.

Recommendations For version 4.0.9, avoid using the news id parameter in the news edit.php script until the issue is resolved. As a temporary workaround, consider validating and sanitizing user input for the news id parameter to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2019-20337

Affected Products

Advanced-Real-Estate-Script

PT-2020-10390 · Php Scripts Mall · Advanced-Real-Estate-Script

CVE-2019-20337

Weakness Enumeration

Related Identifiers

Affected Products

References · 3