Vulnerability Name: | CCN-143477 | ||||||
Published: | 2018-05-17 | ||||||
Updated: | 2018-05-17 | ||||||
Summary: | NodAPS is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements using the 'search' parameter, which could allow the attacker to view, add, modify or delete information in the back-end database. | ||||||
CVSS v3 Severity: | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) 6.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:H/RL:U/RC:R)
| ||||||
CVSS v2 Severity: | 6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
| ||||||
Vulnerability Consequences: | Data Manipulation | ||||||
References: | Source: CCN Type: CodeCanyon Web site Online Booking system - NodAPS by chictheme | CodeCanyon Source: XF Type: UNKNOWN nodaps-sql-injection(143477) Source: CCN Type: Packet Storm Security [05-17-2018] NodAPS 4.0 Cross Site Request Forgery / SQL Injection Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [05-17-2018] | ||||||
BACK |