Published on June 20th, 2019 📆 | 5703 Views ⚑
0Open Faculty Evaluation System 7 on PHP7 submit_feedback.php sql injection
CVSS Meta Temp Score | Current Exploit Price (β) |
---|---|
6.3 | $0-$5k |
A vulnerability, which was classified as critical, has been found in Open Faculty Evaluation System 7 on PHP7. This issue affects an unknown part of the file submit_feedback.php. The manipulation with an unknown input leads to a sql injection vulnerability. Using CWE to declare the problem leads to CWE-89. Impacted is confidentiality, integrity, and availability. An attacker might be able inject and/or alter existing SQL statements which would influence the database exchange.
The weakness was published 06/19/2019. The identification of this vulnerability is CVE-2018-18758 since 10/28/2018. The attack may be initiated remotely. Technical details are known, but no exploit is available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 06/19/2019).
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Similar entry is available at 136684.
Name
VulDB Meta Base Score: 6.3
VulDB Meta Temp Score: 6.3
VulDB Base Score: 6.3
VulDB Temp Score: 6.3
VulDB Vector: π
VulDB Reliability: π
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
π | π | π | π | π | π |
π | π | π | π | π | π |
π | π | π | π | π | π |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: π
VulDB Temp Score: π
VulDB Reliability: π
Class: Sql injection (CWE-89)
Local: No
Remote: Yes
Availability: π
Status: Not defined
Price Prediction: π
Current Price Estimation: π
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Threat: π
Adversaries: π
Geopolitics: π
Economy: π
Predictions: π
Remediation: πRecommended: no mitigation known
0-Day Time: π
10/28/2018 CVE assigned
06/19/2019 Advisory disclosed
06/19/2019 VulDB entry created
06/19/2019 VulDB last update
CVE: CVE-2018-18758 (π)
See also: πCreated: 06/20/2019 12:00 AM
Complete: π
Comments
Check our Alexa App!
https://vuldb.com/?id.136685
No comments yet. Please log in to comment.