Lucene search

[email protected]CVE-2017-20131

HistoryJul 16, 2022 - 7:15 a.m.

CVE-2017-20131

2022-07-1607:15:07

CWE-89

[email protected]

web.nvd.nist.gov

vulnerability

itech news portal

6.28

critical

sql injection

remote attack

inf argument

information.php

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.5%

JSON

A vulnerability was found in Itech News Portal 6.28. It has been classified as critical. Affected is an unknown function of the file /news-portal-script/information.php. The manipulation of the argument inf leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Affected configurations

Vulners

NVD

Node

itechnews_portalMatch6.28

CPENameOperatorVersion
itechscripts:news_portal_scriptitechscripts news portal scripteq6.28

CPE	Name	Operator	Version
itechscripts:news_portal_script	itechscripts news portal script	eq	6.28

CNA Affected

[
  {
    "product": "News Portal",
    "vendor": "Itech",
    "versions": [
      {
        "status": "affected",
        "version": "6.28"
      }
    ]
  }
]

References

vuldb.com/?id.96288

www.exploit-db.com/exploits/41194/

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.5%

JSON

Related for CVE-2017-20131

cvelist1 prion1 nvd1