Sqlitemanager4/24/2023 ![]() SQLiteManager_fullText=0 SQLiteManager_HTMLon=0 SQLiteManager_currentTheme=default SQLiteManager_currentLangue=8 The code used by the exploit is: POST /sqlite/main.php?dbsel=-1%20or%2032%20%3d%2030 HTTP/1.1Ĭontent-Type: application/x-www-form-urlencodedĬookie: PHPSESSID=s5uogfet0s4nhr81ihgmg5l4v3 During that time the estimated underground price was around $0-$5k. The vulnerability was handled as a non-public zero-day exploit for at least 8 days. MITRE ATT&CK project uses the attack technique T1505 for this issue.Ī public exploit has been developed by Rafael Pedrero and been published immediately after the advisory. Technical details as well as a public exploit are known. No form of authentication is needed for a successful exploitation. The identification of this vulnerability is CVE-2019-9083 since. The weakness was shared by Rafael Pedrero as Blind SQL injection in SQLiteManager 1.2.0 (and 1.2.4) as not defined mailinglist post (Full-Disclosure). Impacted is confidentiality, integrity, and availability. The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Using CWE to declare the problem leads to CWE-89. The manipulation with an unknown input leads to a sql injection vulnerability. ![]() ![]() This issue affects an unknown code of the file /sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072. A high score indicates an elevated risk to be targeted for this vulnerability.Ī vulnerability was found in SQLiteManager 1.2.0/1.2.4. The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |