UNKNOWN

CVE-2018-25210

WebOfisi E-Ticaret 4.0 SQL Injection via urun Parameter

Platform

other

Component

webofisi-e-ticaret

WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based blind, and stacked query attacks against the backend database.

How to fix

Update WebOfisi E-Ticaret to a version later than 4.0 that fixes the SQL injection vulnerability. Contact the vendor to obtain the updated version or apply the recommended security measures.
