CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-20508

CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex in UserController.php, and the protected\models\User.php search() function.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 49.7%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://sourceforge.net/p/crashfix/tickets/21/
https://sourceforge.net/p/crashfix/tickets/21/

Products affected by CVE-2018-20508

Crashfix Project » Crashfix » Version: 1.0.4

cpe:2.3:a:crashfix_project:crashfix:1.0.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-20508

Products

Pricing

Contact Us