KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/154184/KBPublisher-6.0.2.1-SQL-Injection.html | Exploit Third Party Advisory VDB Entry |
https://github.com/pandujar/advisories/blob/master/KBPublisher_6.0.2.1_en.txt | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2019-08-21 20:15
Updated : 2023-12-10 12:59
NVD link : CVE-2019-10687
Mitre link : CVE-2019-10687
CVE.ORG link : CVE-2019-10687
JSON object : View
Products Affected
kbpublisher
- kbpublisher
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')