An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account "user" in order to become "Administrator" (for example).
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-09-18T15:38:31

Updated: 2024-08-05T00:12:42.693Z

Reserved: 2019-07-24T00:00:00

Link: CVE-2019-14254

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-09-18T16:15:15.040

Modified: 2024-11-21T04:26:18.343

Link: CVE-2019-14254

cve-icon Redhat

No data.