PT-2022-7977 · Unknown · Simplessus
Dr. Adrian Vollmer
·
Published
2022-06-28
·
Updated
2022-07-07
·
CVE-2017-20104
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Simplessus version 3.7.7
Description
A critical issue affects the Cookie Handler component, where manipulation of the
UWA SID argument leads to sql injection. This can be initiated remotely. The issue has been publicly disclosed and may be exploited.Recommendations
For Simplessus version 3.7.7, upgrade to version 3.8.3 to address this issue. As a temporary workaround, consider restricting access to the Cookie Handler component until the upgrade is applied.
Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Simplessus