CVE-2018-9245

Sažetak

The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system.

Reference

https://gist.github.com/berkgoksel/99ba5c1f3f9f6e4e33e7ad966c007693
https://www.exploit-db.com/exploits/44515/

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

25-05-2018 - 15:33

Objavljeno

22-04-2018 - 13:29