CVE-2018-25424

Gate Pass Management System 2.1 SQL Injection via login-exec.php

CVSS 8.8 HIGHEPSS 0.3%CWE-89

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form parameters to authenticate without valid credentials and gain access to the application.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Productos afectados

Livebms · Gate Pass Management System

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/45766no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://netcologne.dl.sourceforge.net/project/gatepass/gpms_Update.zip https://www.exploit-db.com/exploits/45766 https://www.vulncheck.com/advisories/gate-pass-management-system-sql-injection-via-login-exec-php http://www.livebms.com