An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account "user" in order to become "Administrator" (for example).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-09-18T15:38:31
Updated: 2024-08-05T00:12:42.693Z
Reserved: 2019-07-24T00:00:00
Link: CVE-2019-14254
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-09-18T16:15:15.040
Modified: 2024-11-21T04:26:18.343
Link: CVE-2019-14254
Redhat
No data.