CVE-2018-5384
N/A
N/A
Summary
Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection. If successfully exploited the user can get info from the underlying postgresql database that could lead into to total compromise of the product. The said script is available with no authentication.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Navarino | Infinity | 2.2 < 2.2 | affected |
Weaknesses
- CWE-89: CWE-89
ADP Enrichment
CVE Program Container
Additional References
- https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-Injection-Session-Fixation.html
- https://medium.com/%40evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3
- http://www.securityfocus.com/bid/103544
- https://www.kb.cert.org/vuls/id/184077
References
- https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-Injection-Session-Fixation.html
- https://medium.com/%40evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3
- http://www.securityfocus.com/bid/103544
- https://www.kb.cert.org/vuls/id/184077
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.