CVE-2018-17110

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0200%

EPSS Percentile29.28th

Published2018年9月17日

Last Modified2024年11月21日

Vulnerability Description

Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1.

Affected Platforms (CPE)

📦

Tecdiary

Simple Pos

= 4.0.24

References & Advisories

🔗 https://www.exploit-db.com/exploits/45328/

関連する脆弱性情報

CVE-2021-414929.8

Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the ...

CVE-2018-556010.0

A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One...

CVE-2018-1850510.0

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication betwee...

CVE-2018-431010.0

An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10....