PT-2020-13539 · Jason2605 · Jason2605 Adminpanel

Published

2020-05-24

Updated

2020-05-27

CVE-2020-13433

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jason2605 AdminPanel version 4.0

Description The issue allows SQL Injection via the editPlayer.php page, specifically through a hidden parameter.

Recommendations For Jason2605 AdminPanel version 4.0, consider restricting access to the editPlayer.php page until a patch is available. As a temporary workaround, avoid using the hidden parameter in the editPlayer.php page to minimize the risk of exploitation.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2020-13433

Affected Products

Jason2605 Adminpanel

PT-2020-13539 · Jason2605 · Jason2605 Adminpanel

CVE-2020-13433

Weakness Enumeration

Related Identifiers

Affected Products

References · 4