Web Vulnerability Report

Vulnerability Index
ID EDB-ID-48417
CVSS 3.0 N/A
Cloudbric Score
Cloudbric Detection Yes
Vulnerability Type Link
Published Date 2020-05-05
Updated Date 2020-05-05
Vendor N/A
Description Multiple remote SQL injection web vulnerabilities have been discovered in the official Fishing Reservation System application. The vulnerabilities allow remote attackers to inject or execute their own SQL commands to compromise the DBMS or file system of the application. The remote SQL injection web vulnerabilities are located in the pid, type and uid parameters of the admin.php control panel file. Guest accounts or low-privileged user accounts are able to inject and execute their own malicious SQL commands as statements to compromise the local database and the affected management system. The request method to inject/execute is GET and the attack vector is client-side. The vulnerability is a classic ORDER BY remote SQL injection web vulnerability. Exploitation of the remote SQL injection vulnerability requires no user interaction and a low-privileged web-application user / guest account. Successful exploitation of the remote SQL injection results in database management system, web-server and web-application compromise.
Reference N/A
URL Link
