Vulnerability Details CVE-2018-7734
Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users§ion=cpanel&page=list request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.8%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
- http://www.filerun.com/changelog
- https://feedback.filerun.com/communities/1/topics/189-critical-security-update-available
- https://www.scanfsec.com/FileRun_2017_09_25_Blind_SQL.html
- http://www.filerun.com/changelog
- https://feedback.filerun.com/communities/1/topics/189-critical-security-update-available
- https://www.scanfsec.com/FileRun_2017_09_25_Blind_SQL.html
Products affected by CVE-2018-7734
-
cpe:2.3:a:afian:filerun:2015.01.01
-
cpe:2.3:a:afian:filerun:2015.03.03
-
cpe:2.3:a:afian:filerun:2015.08.18
-
cpe:2.3:a:afian:filerun:2015.09.02
-
cpe:2.3:a:afian:filerun:2015.10.10
-
cpe:2.3:a:afian:filerun:2015.11.03
-
cpe:2.3:a:afian:filerun:2016.02.19
-
cpe:2.3:a:afian:filerun:2016.03.08
-
cpe:2.3:a:afian:filerun:2016.04.25
-
cpe:2.3:a:afian:filerun:2016.06.20
-
cpe:2.3:a:afian:filerun:2016.09.19
-
cpe:2.3:a:afian:filerun:2016.11.07
-
cpe:2.3:a:afian:filerun:2017.01.23
-
cpe:2.3:a:afian:filerun:2017.03.18
-
cpe:2.3:a:afian:filerun:2017.09.18
-
cpe:2.3:a:afian:filerun:2017.09.25