PT-2022-8943 · Unknown · Victor Cms

Frkngkslop · Published 2022-06-16 · Updated 2022-06-27 · CVE-2020-35597

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Victor CMS version 1.0

Description

The issue is related to SQL injection. It can be exploited via the c_id parameter of "admin_edit_comment.php", the p_id parameter of "admin_edit_post.php", the u_id parameter of "admin_edit_user.php", and the edit parameter of "admin_update_categories.php".

Recommendations

For Victor CMS version 1.0, consider disabling the admin_edit_comment.php, admin_edit_post.php, admin_edit_user.php, and admin_update_categories.php scripts until a patch is available to prevent SQL injection attacks. Restrict access to these scripts to minimize the risk of exploitation. Avoid using the c_id, p_id, u_id, and edit parameters in the affected scripts until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2020-35597

Affected Products

Victor Cms