Описание
An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /opt/webapp/lib/PureApi/CCApi.class.php is vulnerable to an unauthenticated SQL injection via /ccapi.php that an attacker can abuse in order to change the Administrator password to a known value.
Ссылки
- ExploitThird Party Advisory
- Exploit
- ExploitThird Party Advisory
- Exploit
Уязвимые конфигурации
EPSS
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /opt/webapp/lib/PureApi/CCApi.class.php is vulnerable to an unauthenticated SQL injection via /ccapi.php that an attacker can abuse in order to change the Administrator password to a known value.
Уязвимость метода setTermsHashAction компонента /opt/webapp/lib/PureApi/CCApi.class.php DLP-системы GTB Central Console, позволяющая нарушителю выполнять произвольные SQL-запросы
Уязвимость метода systemSettingsDnsDataAction компонента /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php DLP-системы GTB Central Console, позволяющая нарушителю выполнить произвольную команду
EPSS
9.8 Critical
CVSS3