ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands.
References
Link | Resource |
---|---|
https://blog.unc1e.com/2020/12/thinksaas-has-post-auth-sql-injection.html | Exploit Third Party Advisory |
https://github.com/thinksaas/ThinkSAAS/issues/24 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-03-24T15:40:14
Updated: 2021-03-24T15:40:14
Reserved: 2020-12-14T00:00:00
Link: CVE-2020-35337
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-03-24T16:15:15.197
Modified: 2021-03-24T23:10:49.437
Link: CVE-2020-35337
JSON object: View
Redhat Information
No data.
CWE