ГлавнаяУязвимости → CVE-2018-25161
8.2высокая

CVE-2018-25161

Описание

Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements using UNION SELECT to extract sensitive database information including usernames, database names, and version details.

CVSS
Балл8.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Источники
https://www.exploit-db.com/exploits/45881https://www.vulncheck.com/advisories/warranty-tracking-system-sql-injection-via-searchcustomerphp