The vulnerability of the PayAction.class.php script of the software controller for the centralized control of wireless networks by D-Link Central WiFi Manager CWM(100) allows a hacker to inject any desired web script or HTML code.

The vulnerability of the PayAction.class.php script of the software controller for the centralized control of wireless networks by D-Link Central WiFi Manager CWM100 is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker t...

CVE-2019-13375

CVE-2019-13375 relates to a SQL injection in the D-Link Central WiFi Manager CWM-100 (pre-1.03R0100_BETA6). The flaw resides in PayAction.class.php via the index.php/Pay/passcodeAuth parameter passcode, exploitable without authentication to leak data and modify the database. Connected Red Hat and...