PT-2022-9025 · Unknown · Dwc Network Server Emulator
Published: 2022-12-25 · Updated: 2024-05-17 · CVE-2020-36631
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
barronwaffles dwc network server emulator (affected versions not specified)
Description
A critical issue has been found in the dwc network server emulator, affecting the update_profile function in the file gamespy/gs_database.py. Manipulation of the firstname and lastname arguments leads to SQL injection. This issue can be exploited remotely.
Recommendations
Apply the patch f70eb21394f75019886fbc2fb536de36161ba422 to fix this issue.
As a temporary workaround, consider restricting the manipulation of the firstname and lastname arguments in the update_profile function until the patch is applied.
Fix
SQL injection
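The injectable pattern and a parameterised replacement for a name-update function like the one described above, as an added example (not the project's code and not the contents of the referenced patch). The users schema, the function names, the allow-list and the sample values are assumptions constructed for illustration.

```python
import sqlite3

# Hypothetical schema and function names; not taken from the project's code.
ALLOWED_FIELDS = {"firstname", "lastname"}

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (profileid INTEGER PRIMARY KEY,"
                 " firstname TEXT, lastname TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)",
                     [(1, "Ann", "Lee", "ann@example.test"),
                      (2, "Bob", "Ray", "bob@example.test")])
    return conn

def update_profile_unsafe(conn, profileid, field, value):
    # Injectable pattern: client-supplied text is pasted into the SQL string.
    conn.execute("UPDATE users SET %s = '%s' WHERE profileid = %d"
                 % (field, value, profileid))

def update_profile_safe(conn, profileid, field, value):
    # Column names cannot be bound as parameters, so check them against
    # a fixed allow-list; the value and the id are bound with placeholders.
    if field not in ALLOWED_FIELDS:
        raise ValueError("unsupported profile field: %r" % (field,))
    conn.execute("UPDATE users SET %s = ? WHERE profileid = ?" % field,
                 (value, int(profileid)))

def row(conn, profileid):
    return conn.execute("SELECT firstname, lastname, email FROM users"
                        " WHERE profileid = ?", (profileid,)).fetchone()

# Constructed input: a name value that carries SQL syntax.
CRAFTED = "x', email = 'changed"

def demo():
    # Apply the same input to two identical databases and compare row 1.
    unsafe, safe = make_db(), make_db()
    update_profile_unsafe(unsafe, 1, "firstname", CRAFTED)
    update_profile_safe(safe, 1, "firstname", CRAFTED)
    return row(unsafe, 1), row(safe, 1)

if __name__ == "__main__":
    print(demo())
```

With bound parameters the crafted name is stored as literal text and the email column is untouched; with string formatting the same input rewrites a column the caller never named.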
Weakness Enumeration
Related Identifiers
Affected Products
Dwc Network Server Emulator