9.8
CVE-2017-12757
- EPSS 0.84%
- Published 09.05.2019 18:29:01
- Last modified 21.11.2024 03:10:08
- Source cve@mitre.org
Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B Script 4.42i and Tech Business Networking Script 8.26i and Tech Caregiver Script 2.71i and Tech Classifieds Script 7.41i and Tech Dating Script 3.40i and Tech Freelancer Script 5.27i and Tech Image Sharing Script 4.13i and Tech Job Script 9.27i and Tech Movie Script 7.51i and Tech Multi Vendor Script 6.63i and Tech Social Networking Script 3.08i and Tech Travel Script 9.49. The impact is: Code execution (remote).
Data is provided by the National Vulnerability Database (NVD)
Ambittechnologies ≫ Itech B2b Script Version 4.42i
Ambittechnologies ≫ Itech Business Networking Script Version 8.26i
Ambittechnologies ≫ Itech Caregiver Script Version 2.71i
Ambittechnologies ≫ Itech Classifieds Script Version 7.41i
Ambittechnologies ≫ Itech Dating Script Version 3.40i
Ambittechnologies ≫ Itech Freelancer Script Version 5.27i
Ambittechnologies ≫ Itech Image Sharing Script Version 4.13i
Ambittechnologies ≫ Itech Job Script Version 9.27i
Ambittechnologies ≫ Itech Movie Script Version 7.51i
Ambittechnologies ≫ Itech Multi Vendor Script Version 6.63i
Ambittechnologies ≫ Itech Social Networking Script Version 3.08i
Ambittechnologies ≫ Itech Travel Script Version 9.49
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.84% | 0.726 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.