CVE-2018-18084 Information
Feb 14, 2021
cve
Description
An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file as demonstrated by the uid parameter.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://github.com/Mochazz/Mochazz.github.io/blob/master/2018/09/30/DuomiCms3.0E69C80E696B0E78988E6BC8FE6B49EE68C96E68E98/index.html https://mochazz.github.io/2018/09/30/DuomiCms3.0E69C80E696B0E78988E6BC8FE6B49EE68C96E68E98/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: