CVE-2018-20508

CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex in UserController.php, and the protectedmodelsUser.php search() function.
References
Link Resource
https://sourceforge.net/p/crashfix/tickets/21/ Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:crashfix_project:crashfix:1.0.4:*:*:*:*:*:*:*

Information

Published : 2018-12-27 01:29

Updated : 2019-01-08 08:09


NVD link : CVE-2018-20508

Mitre link : CVE-2018-20508

Products Affected
No products.
CWE