SQL Injection Vulnerability in LUNAD3v AreaLoad
CVE-2017-20195

5.5MEDIUM

Key Information:

Vendor: Lunad3v
Status: Areaload
Vendor: CVE Published:; 29 October 2024

What is CVE-2017-20195?

A critical SQL injection vulnerability exists in LUNAD3v AreaLoad, specifically affecting the request.php file. This vulnerability allows an attacker to manipulate the 'phone' argument, leading to unauthorized database queries and potentially exposing sensitive data. As this product does not adhere to versioning, details regarding affected and unaffected releases are scant. To mitigate this vulnerability, users must apply the provided patch (commit: 264813c546dba03989ac0fc365f2022bf65e3be2) immediately. It is essential for administrators and security teams to remain vigilant and apply updates to prevent exploitation.

Affected Version(s)

AreaLoad 1a1103182ed63a06dde63d1712f3262eda19c3ec

References

https://vuldb.com/?id.281987

vdb-entrytechnical-description

https://vuldb.com/?ctiid.281987

signaturepermissions-required

https://github.com/LUNAD3v/areaload/commit/264813c546dba0...

patch

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 29, 2024
Vulnerability Reserved
Oct 27, 2024

Credit

VulDB GitHub Commit Analyzer