CVE-2018-6792
CVE-2018-6792 is a vulnerability of currently unknown severity. Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow an authenticated user to execute arbitrary SQL commands via multiple parameters to the /cvms-hub/privado/seccionesmib/secciones.xhtml resource. The POST parameters are j_idt118, j_idt120, j_idt122, j_idt124, j_idt126, j_idt128, and j_idt130 under formularioGestionarSecciones:tablaSeccionesMib:*:filter. EPSS estimates a 1.11% chance of exploitation in the next 30 days.
Description
Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow an authenticated user to execute arbitrary SQL commands via multiple parameters to the /cvms-hub/privado/seccionesmib/secciones.xhtml resource. The POST parameters are j_idt118, j_idt120, j_idt122, j_idt124, j_idt126, j_idt128, and j_idt130 under formularioGestionarSecciones:tablaSeccionesMib:*:filter. The GET parameter is nombreAgente.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Saifor | Cvms Hub | 1.3.1 |
References
- https://www.tarlogic.com/advisories/Tarlogic-2018-001.txt (Third Party Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
