SQL Injection Vulnerability in Advanced World Database by Advanced World
CVE-2017-17640

9.8CRITICAL

Key Information:

Vendor: Advanced World Database Project
Status: Advanced World Database
Vendor: CVE Published:; 13 December 2017

🔔 Create Advanced World Database Project Vulnerability Alert

What is CVE-2017-17640?

The Advanced World Database version 2.0.5 is vulnerable to SQL Injection attacks due to improper validation of the 'country' or 'state' parameters in the city.php and state.php files. This vulnerability can allow an attacker to manipulate SQL queries, potentially gaining unauthorized access to sensitive information stored in the database.

References

https://packetstormsecurity.com/files/145352/Advanced-Wor...

x_refsource_MISC

https://www.exploit-db.com/exploits/43311/

exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2017
Vulnerability Reserved
Dec 13, 2017