CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-15868

SQL injection vulnerability in ChronoScan version 1.5.4.3 and earlier allows an unauthenticated attacker to execute arbitrary SQL commands via the wcr_machineid cookie.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.014

EPSS Ranking 79.9%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://www.chronoscan.org
https://redsec.io/chronoscan-enterprise-unauthenticated-sql-injection
http://www.chronoscan.org
https://redsec.io/chronoscan-enterprise-unauthenticated-sql-injection

Products affected by CVE-2018-15868

Chronoscan » Chronoscan » Version: 1.5.4.3

cpe:2.3:a:chronoscan:chronoscan:1.5.4.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-15868

Products

Pricing

Contact Us