SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information.
References
Link | Resource |
---|---|
https://gist.github.com/victomteng1997/a0d47d6982a7b382f632ec7e8c3307f1 | Exploit Third Party Advisory |
https://github.com/seopanel/Seo-Panel/issues/219 | Exploit Vendor Advisory |
https://www.seopanel.org/ | Vendor Advisory |
Configurations
History
23 Feb 2023, 04:58
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.seopanel.org/ - Vendor Advisory | |
References | (MISC) https://github.com/seopanel/Seo-Panel/issues/219 - Exploit, Vendor Advisory | |
References | (MISC) https://gist.github.com/victomteng1997/a0d47d6982a7b382f632ec7e8c3307f1 - Exploit, Third Party Advisory | |
First Time |
Seopanel seo Panel
Seopanel |
|
CPE | cpe:2.3:a:seopanel:seo_panel:4.9.0:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-89 |
15 Feb 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-15 22:15
Updated : 2023-12-10 14:48
NVD link : CVE-2021-34117
Mitre link : CVE-2021-34117
CVE.ORG link : CVE-2021-34117
JSON object : View
Products Affected
seopanel
- seo_panel
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')