Dismissed
Permalink
CVE-2020-37105
7.1 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): LOW
- Availability impact (A): NONE
by @LeSuisse Activity log
- Created automatic suggestion
- @LeSuisse removed package pmbootstrap
- @LeSuisse dismissed
PMB 5.6 - 'logid' SQL Injection
PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests to the /admin/sauvegarde/download.php endpoint with manipulated logid values to interact with the database.
References
- ExploitDB-48356 exploit
- Vendor Homepage product
- Software Download Repository product
- VulnCheck Advisory: PMB 5.6 - 'logid' SQL Injection third-party-advisory
- VulnCheck Advisory: PMB 5.6 - 'logid' SQL Injection third-party-advisory
- ExploitDB-48356 exploit
- Vendor Homepage product
- Software Download Repository product
Affected products
PMB
- ==5.6