Vulnerability Details CVE-2018-1000630
Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to /api/PluginStatusActions.php and /status/pluginStatus.php using the jtSorting or id parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.7%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References