CVE-2018-1000630

2018-12-2814:00:00

mitre

www.cve.org

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

43.2%

JSON

Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to /api/PluginStatusActions.php and /status/pluginStatus.php using the jtSorting or id parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.

References

exchange.xforce.ibmcloud.com/vulnerabilities/147307