[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

95906

 
 

909

 
 

77986

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2017-14738

Date: (C)2017-10-04   (M)2017-10-11
 
CVSS Score: 7.5Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function).

Reference:
EXPLOIT-DB-42922
http://feedback.filerun.com/topics/189-critical-security-update-available/
https://blog.spentera.com/2017/09/29/blind-sql-injection-vulnerability-in-filerun-2017-09-18/

CWE    1
CWE-89

© 2013 SecPod Technologies