ГлавнаяУязвимости → CVE-2018-25173
8.2высокая

CVE-2018-25173

Описание

Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retrieve schema names and sensitive database data.

CVSS
Балл8.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Источники
https://www.exploit-db.com/exploits/45855https://www.vulncheck.com/advisories/rmedia-sms-sql-injection-via-editgrpphp