← back
CVE-2017-14738

CVE-2017-14738

EPSS 2.6%
FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function).
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/42922/unverifiedexploitdbwww.exploit-db.com/exploits/42922unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://feedback.filerun.com/topics/189-critical-security-update-available/https://blog.spentera.com/2017/09/29/blind-sql-injection-vulnerability-in-filerun-2017-09-18/https://www.exploit-db.com/exploits/42922/