CVE-2018-18982

Sažetak

NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution.

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02
https://www.exploit-db.com/exploits/46449/

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

09-10-2019 - 23:37

Objavljeno

27-11-2018 - 20:29