Back to CVE List

CVE-2018-25191

HIGH SEVERITY

CVSS Score & Metrics

Base Score
7.1 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Vulnerability Description

Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'mod_id' parameter. Attackers can send POST requests to the editar_producto.php endpoint with crafted SQL payloads in the mod_id parameter to extract sensitive database information including usernames, database names, and version details.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-89
Source
NVD
Vendor
Obedalvarado
Product
Facturation System

External References

Discussion (0)

Add Comment

No comments yet. Be the first!