exploitDog

CVE-2019-19016

Опубликовано: 02 дек. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database.

Ссылки

https://write-up.github.io/webtitan/
Exploit
Third Party Advisory
https://www.webtitan.com/resources/product-updates/
Release Notes
Vendor Advisory
https://write-up.github.io/webtitan/
Exploit
Third Party Advisory
https://www.webtitan.com/resources/product-updates/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:titanhq:webtitan:*:*:*:*:*:*:*:*

Версия до 5.18 (исключая)

EPSS

Процентиль: 61%

0.00417

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-8ffp-rr49-55wh

CVSS3: 7.5

github

больше 3 лет назад

An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database.

EPSS

Процентиль: 61%

0.00417

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89