CVE-2018-7734

Опубликовано: 06 мар. 2018

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request.

Ссылки

http://www.filerun.com/changelog
Vendor Advisory
https://feedback.filerun.com/communities/1/topics/189-critical-security-update-available
Vendor Advisory
https://www.scanfsec.com/FileRun_2017_09_25_Blind_SQL.html
Exploit
Third Party Advisory
http://www.filerun.com/changelog
Vendor Advisory
https://feedback.filerun.com/communities/1/topics/189-critical-security-update-available
Vendor Advisory
https://www.scanfsec.com/FileRun_2017_09_25_Blind_SQL.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:afian:filerun:*:*:*:*:*:*:*:*

Версия до 2017.09.25 (включая)

EPSS

Процентиль: 75%

0.00859

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-48w9-cx3r-qxr5