CVE-2018-5386

Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism leading to an information leak.
Configurations

Configuration 1 (hide)

cpe:2.3:a:navarino:infinity:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:08

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/103544 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/103544 - Third Party Advisory, VDB Entry
References () https://medium.com/%40evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3 - () https://medium.com/%40evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3 -
References () https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-Injection-Session-Fixation.html - Exploit, Third Party Advisory, VDB Entry () https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-Injection-Session-Fixation.html - Exploit, Third Party Advisory, VDB Entry
References () https://www.kb.cert.org/vuls/id/184077 - Third Party Advisory, US Government Resource () https://www.kb.cert.org/vuls/id/184077 - Third Party Advisory, US Government Resource

07 Nov 2023, 02:58

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3', 'name': 'https://medium.com/@evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3', 'tags': ['Exploit', 'Press/Media Coverage', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://medium.com/%40evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3 -

Information

Published : 2018-07-24 15:29

Updated : 2024-11-21 04:08


NVD link : CVE-2018-5386

Mitre link : CVE-2018-5386

CVE.ORG link : CVE-2018-5386


JSON object : View

Products Affected

navarino

  • infinity
CWE
CWE-288

Authentication Bypass Using an Alternate Path or Channel

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor