SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php.
References
Link | Resource |
---|---|
https://github.com/unh3x/just4cve/issues/3 | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/44873/ | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Information
Published : 2018-06-08 04:29
Updated : 2018-07-17 10:44
NVD link : CVE-2018-12052
Mitre link : CVE-2018-12052
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
schools_alert_management_script_project
- schools_alert_management_script