CVE-2019-14266

2019-07-2515:07:07

mitre

www.cve.org

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.5%

JSON

OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Config/ uid parameter because of the getNeedQueryData function in Application/Common/Model/UserModel.class.php.

References

github.com/kikulo/DebugOpen/blob/master/OpenSNSv6.1.0/main.md