PT-2021-10743 · Phpcms · Phpcms

Blindkey · Published 2021-06-16 · Updated 2021-06-21 · CVE-2020-22199

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: phpCMS 2007 SP6 build 0805

Description: phpCMS 2007 SP6 build 0805 contains a SQL injection vulnerability. It can be exploited via the digg_mod parameter to the "digg_add.php" endpoint.

Recommendations: For phpCMS 2007 SP6 build 0805, consider restricting access to the "digg_add.php" endpoint until a fix is available. As a temporary workaround, avoid using the digg_mod parameter in the affected endpoint to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2020-22199

Affected Products

Phpcms