Sql injection

2018-12-2713:29:00

PRIOn knowledge base

www.prio-n.com

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.5%

JSON

CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex in UserController.php, and the protected\models\User.php search() function.

CPENameOperatorVersion
crashfixeq1.0.4

CPE	Name	Operator	Version
	crashfix	eq	1.0.4

References

sourceforge.net/p/crashfix/tickets/21/