An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter.
References
Link | Resource |
---|---|
https://github.com/Mochazz/Mochazz.github.io/blob/master/2018/09/30/DuomiCms3.0%E6%9C%80%E6%96%B0%E7%89%88%E6%BC%8F%E6%B4%9E%E6%8C%96%E6%8E%98/index.html | Exploit Third Party Advisory |
https://mochazz.github.io/2018/09/30/DuomiCms3.0%E6%9C%80%E6%96%B0%E7%89%88%E6%BC%8F%E6%B4%9E%E6%8C%96%E6%8E%98/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-10-09T18:00:00
Updated: 2018-10-09T18:57:01
Reserved: 2018-10-09T00:00:00
Link: CVE-2018-18084
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-10-09T18:29:00.600
Modified: 2020-06-17T14:48:43.087
Link: CVE-2018-18084
JSON object: View
Redhat Information
No data.
CWE