Exploit/Advisories Cybersecurity study of the dark web exposes vulnerability to machine identities -- ScienceDaily

Published on May 15th, 2019 📆 | 1830 Views ⚑

0

Tubigan Welcome to our Resort 1.0 index.php q sql injection


Text to Speech

CVSS Meta Temp Score Current Exploit Price (≈)
6.1 $0-$5k

A vulnerability was found in Tubigan Welcome to our Resort 1.0. It has been classified as critical. This affects code of the file index.php?p=accomodation. The manipulation of the argument q with an unknown input leads to a sql injection vulnerability. CWE is classifying the issue as CWE-89. This is going to have an impact on confidentiality, integrity, and availability. An attacker might be able inject and/or alter existing SQL statements which would influence the database exchange.

The weakness was published 05/14/2019 as EDB-ID 45728 as uncorroborated exploit (Exploit-DB). It is possible to read the advisory at exploit-db.com. This vulnerability is uniquely identified as CVE-2018-18800 since 10/28/2018. It is possible to initiate the attack remotely. Technical details and a public exploit are known.

After immediately, there has been an exploit disclosed. It is declared as proof-of-concept. The exploit is shared for download at exploit-db.com.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Vendor

Name

VulDB Meta Base Score: 6.3
VulDB Meta Temp Score: 6.1

VulDB Base Score: ≈6.3
VulDB Temp Score: ≈6.1
VulDB Vector: ?
VulDB Reliability: ?

VulDB Base Score: ?
VulDB Temp Score: ?
VulDB Reliability: ?
Class: Sql injection (CWE-89)
Local: No
Remote: Yes





Availability: ?
Access: Public
Status: Proof-of-Concept
Download: ?

Price Prediction: ?
Current Price Estimation: ?


0-Day unlock unlock unlock unlock
Today unlock unlock unlock unlock


Exploit-DB: ?

Threat Intelligenceinfoedit

Threat: ?
Adversaries: ?
Geopolitics: ?
Economy: ?
Predictions: ?
Remediation: ?Recommended: no mitigation known
0-Day Time: ?
Exploit Delay Time: ?10/28/2018 CVE assigned
05/14/2019 +198 days Advisory disclosed
05/14/2019 +0 days Exploit disclosed
05/14/2019 +0 days EDB entry disclosed
05/15/2019 +1 days VulDB entry created
05/15/2019 +0 days VulDB last updateAdvisory: EDB-ID 45728
Status: Uncorroborated

CVE: CVE-2018-18800 (?)

Created: 05/15/2019 10:12 AM
Complete: ?

See the underground prices here!

https://vuldb.com/?id.135015

Tagged with:



Comments are closed.






© Torchsec  Privacy Policy Disclaimer  T&C



Back to Top ↑