CVE-2019-19732

translation_manage_text.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir_0 and/or sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mfscripts:yetishare:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:35

Type Values Removed Values Added
References () https://github.com/jra89/CVE-2019-19732 - Exploit, Third Party Advisory () https://github.com/jra89/CVE-2019-19732 - Exploit, Third Party Advisory
References () https://medium.com/%40jra8908/yetishare-3-5-2-4-5-3-multiple-vulnerabilities-2d01d0cd7459 - () https://medium.com/%40jra8908/yetishare-3-5-2-4-5-3-multiple-vulnerabilities-2d01d0cd7459 -

07 Nov 2023, 03:07

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@jra8908/yetishare-3-5-2-4-5-3-multiple-vulnerabilities-2d01d0cd7459', 'name': 'https://medium.com/@jra8908/yetishare-3-5-2-4-5-3-multiple-vulnerabilities-2d01d0cd7459', 'tags': ['Third Party Advisory'], 'refsource': 'MISC'}
  • () https://medium.com/%40jra8908/yetishare-3-5-2-4-5-3-multiple-vulnerabilities-2d01d0cd7459 -

Information

Published : 2019-12-30 17:15

Updated : 2024-11-21 04:35


NVD link : CVE-2019-19732

Mitre link : CVE-2019-19732

CVE.ORG link : CVE-2019-19732


JSON object : View

Products Affected

mfscripts

  • yetishare
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')