CVE-2019-16264

{"id": "CVE-2019-16264", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-09-16T13:15:11.760", "references": [{"url": "https://infayer.com/?p=43", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC) v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing attackers to access the database."}, {"lang": "es", "value": "En el Sistema Integrado de Gesti\u00f3n Acad\u00e9mica (GESAC) versi\u00f3n v1 de la Escuela de Gesti\u00f3n P\u00fablica Plurinacional (EGPP), el par\u00e1metro username del formulario de autenticaci\u00f3n es vulnerable a la inyecci\u00f3n SQL, permitiendo a atacantes acceder a la base de datos."}], "lastModified": "2019-09-17T19:53:14.033", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:egpp:sistema_integrado_de_gestion_academica:1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CC1012C-A940-4FAA-B2CD-BB979A9314CB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}