SQL Injection Vulnerability in Mikrotik Router Monitoring System
CVE-2020-13118

9.8CRITICAL

Key Information:

Vendor: Mikrotik-router-monitoring-system Project
Status: Mikrotik-router-monitoring-system
Vendor: CVE Published:; 16 May 2020

🔔 Create Mikrotik-router-monitoring-system Project Vulnerability Alert

What is CVE-2020-13118?

An SQL Injection vulnerability exists in the Mikrotik Router Monitoring System affecting certain parameters in the check_community.php file. By manipulating the 'community' parameter, an attacker could execute arbitrary SQL commands, potentially compromising sensitive data and gaining unauthorized access to the system. This vulnerability emphasizes the importance of input validation and proper coding practices to safeguard software from malicious exploitation.

References

https://github.com/adeoluwa-adebiyi/Mikrotik-Router-Monit...

x_refsource_MISC

http://packetstormsecurity.com/files/157733/Mikrotik-Rout...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2020
Vulnerability Reserved
May 16, 2020