ГлавнаяУязвимости → CVE-2019-25503
7.1высокая

CVE-2019-25503

Описание

PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue to extract sensitive database information such as the current database name.

Затрагиваемое ПО
Blondish Phpads
CVSS
Балл7.1 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Источники
https://www.exploit-db.com/exploits/46798https://www.vulncheck.com/advisories/phpads-sql-injection-via-clickphp-bannerid