Vulnerability Details CVE-2018-5386
Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism leading to an information leak.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.033
EPSS Ranking 86.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.securityfocus.com/bid/103544
- https://medium.com/%40evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3
- https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-Injection-Session-Fixation.html
- https://www.kb.cert.org/vuls/id/184077
- http://www.securityfocus.com/bid/103544
- https://medium.com/%40evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3
- https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-Injection-Session-Fixation.html
- https://www.kb.cert.org/vuls/id/184077