SVE-001608 | Date: (C)2021-09-08 (M)2021-06-02 |
Mess Management System SQL Injection Vulnerability. An SQL Injection Vulnerability exists in Mess Management System because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, which allows an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V3 Severity: | CVSS V2 Severity: |
CVSS Score : 9.8 | CVSS Score : 7.5 |
Exploit Score: 3.9 | Exploit Score: 10.0 |
Impact Score: 5.9 | Impact Score: 6.4 |
|
CVSS V3 Metrics: | CVSS V2 Metrics: |
Attack Vector: NETWORK | Access Vector: NETWORK |
Attack Complexity: LOW | Access Complexity: LOW |
Privileges Required: NONE | Authentication: NONE |
User Interaction: NONE | Confidentiality: PARTIAL |
Scope: UNCHANGED | Integrity: PARTIAL |
Confidentiality: HIGH | Availability: PARTIAL |
Integrity: HIGH | |
Availability: HIGH | |
| |