UNKNOWN
CVE-2018-25202
SAT CFDI 3.3 SQL Injection via signIn endpoint
Platform: other
Component: sat-cfdi
SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers can submit POST requests with boolean-based blind, stacked queries, or time-based blind SQL injection payloads to extract sensitive data or compromise the application.
How to fix
Update to a patched version of the SAT CFDI 3.3 software that fixes the SQL injection vulnerability. Contact the vendor (Wecodex) to obtain the updated version or follow their security recommendations.
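The flaw class described above and its standard code-level fix, as an added example in Python with sqlite3. It is not SAT CFDI or Wecodex code and not the vendor's patch; the table, column names, id format and sample inputs are constructed assumptions.

```python
import re
import sqlite3

def make_db():
    # Constructed schema and row; the real SAT CFDI tables are not on this page.
    # Password hashing is left out to keep the focus on query construction.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def sign_in_vulnerable(db, user_id, password):
    # Flaw class from the advisory: 'id' is concatenated into the SQL text,
    # so quotes in it are parsed as SQL syntax instead of data.
    sql = ("SELECT id FROM users WHERE id = '" + user_id +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

ID_FORMAT = re.compile(r"[A-Za-z0-9_.@-]{1,64}")  # assumed shape of a valid id

def sign_in_hardened(db, user_id, password):
    # Defence in depth: reject ids outside the expected format ...
    if not ID_FORMAT.fullmatch(user_id):
        return False
    # ... and bind both values so the driver never parses them as SQL.
    row = db.execute(
        "SELECT id FROM users WHERE id = ? AND password = ?",
        (user_id, password),
    ).fetchone()
    return row is not None

def boolean_oracle(sign_in):
    # Constructed test inputs: the same id with a true and a false condition.
    # If the two answers differ, the endpoint leaks one bit per request,
    # which is what boolean-based blind extraction relies on.
    db = make_db()
    true_case = sign_in(db, "nobody' OR 1=1 --", "x")
    false_case = sign_in(db, "nobody' OR 1=2 --", "x")
    return true_case != false_case

if __name__ == "__main__":
    print("vulnerable leaks:", boolean_oracle(sign_in_vulnerable))
    print("hardened leaks:  ", boolean_oracle(sign_in_hardened))
```

`boolean_oracle` doubles as a regression check: it must return `False` for any handler that replaces the vulnerable one.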