PT-2020-13307 · Rainbowfish · Rainbowfish Pacsone Server

Published

2020-09-30

Updated

2020-10-02

CVE-2020-12870

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions RainbowFish PacsOne Server version 6.8.4

Description The issue allows SQL injection on the username parameter in the "signup page" API endpoint.

Recommendations For RainbowFish PacsOne Server version 6.8.4, avoid using the username parameter in the signup page until the issue is resolved.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2020-12870

Affected Products

Rainbowfish Pacsone Server

PT-2020-13307 · Rainbowfish · Rainbowfish Pacsone Server

CVE-2020-12870

Weakness Enumeration

Related Identifiers

Affected Products

References · 4