ID CVE-2016-9048
Summary Multiple exploitable SQL Injection vulnerabilities exists in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain setups access the underlying operating system.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
refmap via4
misc https://talosintelligence.com/vulnerability_reports/TALOS-2017-0313
talos via4
id TALOS-2017-0313
last seen 2017-08-16
published 2017-07-19
reporter Talos Intelligence
source http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0313
title ProcessMaker Enterprise Core Multiple SQL Injection Vulnerabilities
Last major update 10-09-2018 - 12:29
Published 10-09-2018 - 12:29
Last modified 10-09-2018 - 12:29
Back to Top