A vulnerability was found in Itech B2B Script 4.28. It has been rated as critical. This issue affects some unknown processing of the file /catcompany.php. The manipulation of the argument token with the input 704667c6a1e7ce56d3d6fa748ab6d9af3fd7' AND 6539=6539 AND 'Fakj'='Fakj leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://vuldb.com/?id.96281 | Third Party Advisory |
https://www.exploit-db.com/exploits/41188/ | Third Party Advisory VDB Entry |
https://vuldb.com/?id.96281 | Third Party Advisory |
https://www.exploit-db.com/exploits/41188/ | Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 03:22
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 6.3 |
References | () https://vuldb.com/?id.96281 - Third Party Advisory | |
References | () https://www.exploit-db.com/exploits/41188/ - Third Party Advisory, VDB Entry |
Information
Published : 2022-07-16 07:15
Updated : 2024-11-21 03:22
NVD link : CVE-2017-20137
Mitre link : CVE-2017-20137
CVE.ORG link : CVE-2017-20137
JSON object : View
Products Affected
itechscripts
- b2b_script
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')