CVE-2018-1000871 — CRITICAL (9.8)

Q: How severe is CVE-2018-1000871?

CVE-2018-1000871 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2018-1000871?

Check the references section above for vendor advisories and patch information. Affected products include: Digitaldruid Hoteldruid.

Vulnerability Description

HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "id_utente_mod" parameter in gestione_utenti.php file that can result in An attacker can dump all the database records of backend webserver. This attack appear to be exploitable via the attack can be done by anyone via specially crafted sql query passed to the "id_utente_mod=1" parameter.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Digitaldruid	Hoteldruid	<= 2.3.0

Related Weaknesses (CWE)

CWE-89

References

https://www.exploit-db.com/exploits/45976ExploitThird Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/45976ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2018-1000871?

CVE-2018-1000871 is a vulnerability with a CVSS score of 9.8 (CRITICAL). HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "id_utente_mod" parameter in gestione_utenti.php file that can result in An attacker can dump all the da...

How severe is CVE-2018-1000871?

CVE-2018-1000871 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-1000871?

Check the references section above for vendor advisories and patch information. Affected products include: Digitaldruid Hoteldruid.