Published on May 15th, 2019 📆 | 1830 Views ⚑
0Tubigan Welcome to our Resort 1.0 index.php q sql injection
CVSS Meta Temp Score | Current Exploit Price (≈) |
---|---|
6.1 | $0-$5k |
A vulnerability was found in Tubigan Welcome to our Resort 1.0. It has been classified as critical. This affects code of the file index.php?p=accomodation. The manipulation of the argument q
with an unknown input leads to a sql injection vulnerability. CWE is classifying the issue as CWE-89. This is going to have an impact on confidentiality, integrity, and availability. An attacker might be able inject and/or alter existing SQL statements which would influence the database exchange.
The weakness was published 05/14/2019 as EDB-ID 45728 as uncorroborated exploit (Exploit-DB). It is possible to read the advisory at exploit-db.com. This vulnerability is uniquely identified as CVE-2018-18800 since 10/28/2018. It is possible to initiate the attack remotely. Technical details and a public exploit are known.
After immediately, there has been an exploit disclosed. It is declared as proof-of-concept. The exploit is shared for download at exploit-db.com.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Vendor
Name
VulDB Meta Base Score: 6.3
VulDB Meta Temp Score: 6.1
VulDB Base Score: ≈6.3
VulDB Temp Score: ≈6.1
VulDB Vector: ?
VulDB Reliability: ?
VulDB Base Score: ?
VulDB Temp Score: ?
VulDB Reliability: ?
Class: Sql injection (CWE-89)
Local: No
Remote: Yes
Availability: ?
Access: Public
Status: Proof-of-Concept
Download: ?
Price Prediction: ?
Current Price Estimation: ?
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Exploit-DB: ?
Threat Intelligence
Threat: ?
Adversaries: ?
Geopolitics: ?
Economy: ?
Predictions: ?
Remediation: ?Recommended: no mitigation known
0-Day Time: ?
Exploit Delay Time: ?10/28/2018 CVE assigned
05/14/2019 Advisory disclosed
05/14/2019 Exploit disclosed
05/14/2019 EDB entry disclosed
05/15/2019 VulDB entry created
05/15/2019 VulDB last updateAdvisory: EDB-ID 45728
Status: Uncorroborated
CVE: CVE-2018-18800 (?)
Created: 05/15/2019 10:12 AM
Complete: ?
See the underground prices here!
https://vuldb.com/?id.135015
Gloss