CVE-2018-20719 Information

Description

In Tiki before 17.2 the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://blog.ripstech.com/2018/scan-verify-patch-security-issues-in-minutes/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8