PT-2020-13806 · Crk · Crk Business Platform
Chapman (R3Naissance) Schleiss · Published 2020-12-23 · Updated 2020-12-23 · CVE-2020-13968
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CRK Business Platform versions prior to 2019.1
Description
The issue allows SQL statements to be injected against the database on any path through the strSessao parameter. This lets an attacker manipulate the application's database queries, potentially leading to unauthorized data access or modification.
Recommendations
For CRK Business Platform versions prior to 2019.1, restrict access to the strSessao parameter to reduce the risk of SQL injection until a patch or fix is available, and avoid using the strSessao parameter in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
SQL injection
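Until a vendor fix is available, the practical defensive step is to watch the strSessao parameter in front of the application. The script below is an added example written for this advisory; it is not code from the advisory, from the reporter, or from the CRK vendor. It assumes a Combined Log Format access log from a reverse proxy or web server in front of CRK Business Platform, and it assumes (hypothetically, since the advisory does not describe the token format) that a legitimate strSessao value is purely alphanumeric. The log lines are constructed for the example.

```python
"""Flag requests whose strSessao parameter carries SQL-injection indicators.

Added example for CVE-2020-13968 (CRK Business Platform). Not code from the
advisory or the vendor. Assumes a Combined Log Format access log in front of
the application; the sample log lines below are constructed.
"""
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (Combined Log Format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [23/Dec/2020:10:01:02 +0000] "GET /app/home.aspx?strSessao=AB12CD34 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [23/Dec/2020:10:01:09 +0000] "GET /app/report.aspx?strSessao=AB12CD34'%20OR%20'1'%3D'1 HTTP/1.1" 500 312 "-" "Mozilla/5.0"
198.51.100.7 - - [23/Dec/2020:10:02:15 +0000] "GET /app/home.aspx?strSessao=AB12CD34--&x=1 HTTP/1.1" 200 5120 "-" "curl/7.68.0"
198.51.100.7 - - [23/Dec/2020:10:02:20 +0000] "GET /app/other.aspx?id=7 HTTP/1.1" 200 100 "-" "curl/7.68.0"
"""

# Request line: client IP, timestamp, method, target, protocol, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Hypothetical assumption: a legitimate session id is alphanumeric only.
TOKEN_RE = re.compile(r"^[A-Za-z0-9]+$")

# SQL metacharacters and keywords that never belong in a session id.
SQLI_RE = re.compile(r"('|--|/\*|;|\b(?:or|and|union|select)\b)", re.IGNORECASE)


def extract_param(target: str, name: str) -> List[str]:
    """Return every (percent-decoded) value of query parameter `name`."""
    query = urlsplit(target).query
    return parse_qs(query, keep_blank_values=True).get(name, [])


def classify(value: str) -> Optional[str]:
    """Return a reason if the value looks injected, otherwise None."""
    if TOKEN_RE.match(value):
        return None
    m = SQLI_RE.search(value)
    if m:
        return f"sql metacharacter/keyword {m.group(1)!r}"
    return "non-alphanumeric session id"


def scan_log(text: str, param: str = "strSessao") -> List[Dict[str, object]]:
    """Scan access-log text and return one finding per suspicious request."""
    findings: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable request line
        for value in extract_param(m["target"], param):
            reason = classify(value)
            if reason:
                findings.append({
                    "ip": m["ip"],
                    "ts": m["ts"],
                    "status": int(m["status"]),
                    "value": value,
                    "reason": reason,
                })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} "
              f"strSessao={f['value']!r}: {f['reason']}")
```

On the constructed log the scanner reports the two requests that carry a quote or a comment sequence in strSessao and ignores the clean session id and the request without the parameter. Because the parameter is decoded before inspection, percent-encoded payloads are caught as well. Note that a 200 response is not evidence the injection failed (the third line is flagged regardless of status), so the status code is kept only as context. The same check can be turned into a blocking rule on the proxy, which is the "restrict access to the strSessao parameter" recommendation above; the durable fix, parameterized queries in the application, remains with the vendor.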
Affected Products
Crk Business Platform