PT-2020-15651 · Unknown · Stock Management System

Adeeb Shah

Published

2020-09-09

Updated

2020-09-15

CVE-2020-24197

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Stock Management System version 1.0

Description A SQL injection issue in the login component allows a remote attacker to execute arbitrary SQL commands via the username parameter.

Recommendations For Stock Management System version 1.0, avoid using the username parameter in the login component until the issue is resolved. Consider temporarily restricting access to the login functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2020-24197

Affected Products

Stock Management System

PT-2020-15651 · Unknown · Stock Management System

CVE-2020-24197

Weakness Enumeration

Related Identifiers

Affected Products

References · 4