CVE-2018-25189
Data Center Audit 2.6.2 SQL Injection via username Parameter
Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca_login.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive database information including usernames, database names, and version details.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Productos afectados
Sourceforge · Data Center Audit¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →