CVE-2020-11004

CVE-2020-11004

SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging in, can send a GET request with arbitrary SQL queries appended to the cookie parameter and execute SQL queries. The vulnerability impacts the confidentiality of the system. This has been patched in version 3.3.13.

Source: CVE-2020-11004

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다