Vulnerability Name: | CVE-2018-20477 (CCN-154821) | ||||||||||||
Assigned: | 2018-12-18 | ||||||||||||
Published: | 2018-12-18 | ||||||||||||
Updated: | 2018-12-30 | ||||||||||||
Summary: | An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field. | ||||||||||||
CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 9.5 Critical (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:R)
6.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:H/RL:U/RC:R)
| ||||||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||
Vulnerability Type: | CWE-89 | ||||||||||||
Vulnerability Consequences: | Data Manipulation | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2018-20477 Source: XF Type: UNKNOWN scms-cve201820477-sql-injection(154821) Source: CCN Type: Shell01 Web site scms-sql-injection | Shell01 Source: MISC Type: Exploit, Third Party Advisory https://shell01.top/2018/12/18/scms-sqlinject/ Source: CCN Type: S-CMS Web site S-CMS | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||||||
BACK |