NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution.
References
Link | Resource |
---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02 | Third Party Advisory US Government Resource |
https://www.exploit-db.com/exploits/46449/ | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2018-11-27T21:00:00
Updated: 2019-03-05T10:57:02
Reserved: 2018-11-06T00:00:00
Link: CVE-2018-18982
JSON object: View
NVD Information
Status : Modified
Published: 2018-11-27T20:29:00.923
Modified: 2019-10-09T23:37:31.410
Link: CVE-2018-18982
JSON object: View
Redhat Information
No data.
CWE