Web Vulnerability Report
| ID | EDB-ID-48417 |
| CVSS 3.0 | N/A |
|
Cloudbric Score
?
|
High |
| Cloudbric Detection | Yes |
| Vulnerability Type | SQL Injection |
| Published Date | 2020-05-05 |
| Updated Date | 2020-05-05 |
| Vendor | N/A |
| Description | Multiple remote sql-injection web vulnerabilities has been discovered in the official Fishing Reservation System application. The vulnerability allows remote attackers to inject or execute own SQL commands to compromise the dbms or file system of the application. The remote sql injection web vulnerabilites are located in the pid, type and uid parameters of the admin.php control panel file. Guest accounts or low privileged user accounts are able to inject and execute own malicious sql commands as statement to compromise the local database and affected management system. The request method to inject/execute is GET and the attack vector is client-side. The vulnerability is a classic order by remote sql injection web vulnerability. Exploitation of the remote sql injection vulnerability requires no user interaction and a low privileged web-application user / guest account. Successful exploitation of the remote sql injection results in database management system, web-server and web-application compromise. |
| Reference | N/A |
| URL Link | https://www.exploit-db.com/exploits/48417/ |
This vulnerability has been detected by Cloudbric!
Block NOW!
| ID | Description | Vulnerability Type |
Cloudbric Score
?
|
Updated Date | Detection |
|---|
To receive weekly updates on new vulnerabilities added to Threat Index
Subscribe Now