CVE-2019-11362

app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score paramter, as demonstrated by the /do/reward/3 URI.
References
Link Resource
https://github.com/rocboss/ROCBOSS/issues/12 Exploit Patch
Configurations

Configuration 1

cpe:2.3:a:rocboss:rocboss:2.2.1:*:*:*:*:*:*:*

Information

Published : 2019-04-20 01:29

Updated : 2019-04-22 07:06


NVD link : CVE-2019-11362

Mitre link : CVE-2019-11362

Products Affected
No products.
CWE