CVE-2018-5384

Sažetak

Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection. If successfully exploited the user can get info from the underlying postgresql database that could lead into to total compromise of the product. The said script is available with no authentication.

Reference

https://www.kb.cert.org/vuls/id/184077
https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-Injection-Session-Fixation.html
http://www.securityfocus.com/bid/103544
https://medium.com/%40evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

07-11-2023 - 02:58

Objavljeno

24-07-2018 - 15:29