SQL Injection Vulnerability in Find a Place CMS Directory by Themerig
CVE-2019-8360

9.8CRITICAL

Key Information:

Vendor: Themerig
Status: Find A Place Cms Directory
Vendor: CVE Published:; 16 February 2019

What is CVE-2019-8360?

The Find a Place CMS Directory version 1.5, developed by Themerig, is susceptible to SQL injection attacks. This vulnerability can be exploited through the 'cate' parameter within the find/assets/external/data_2.php file, potentially allowing attackers to manipulate the database behind the application. By exploiting this security flaw, unauthorized users could execute arbitrary SQL queries, leading to unauthorized data exposure or modification, jeopardizing the confidentiality and integrity of the database.

References

https://packetstormsecurity.com/files/151706/Find-A-Place...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 16, 2019
Vulnerability Reserved
Feb 16, 2019

CVE-2019-8360 Data

JSON