Vulnerability Description
WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions*.php scripts that can result in Database Read via Blind SQL Injection. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webidsupport | Webid | <= 1.2.2 |
Related Weaknesses (CWE)
References
- http://bugs.webidsupport.com/view.php?id=647Issue TrackingRelease NotesVendor Advisory
- https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7fPatch
- https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_VulnExploitThird Party Advisory
- http://bugs.webidsupport.com/view.php?id=647Issue TrackingRelease NotesVendor Advisory
- https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7fPatch
- https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_VulnExploitThird Party Advisory
FAQ
What is CVE-2018-1000867?
CVE-2018-1000867 is a vulnerability with a CVSS score of 8.8 (HIGH). WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions*.php scripts that can result in Database Read via Blind SQL Injection. This attack appear to b...
How severe is CVE-2018-1000867?
CVE-2018-1000867 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000867?
Check the references section above for vendor advisories and patch information. Affected products include: Webidsupport Webid.