CRITICAL · 9.8

CVE-2018-17796

Vulnerability Description

An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the ChannelService.java file.

CVSS Score

9.8 CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor: Mushroom Content Management System Project
Product: Mushroom Content Management System
Versions: <= 3.1.2

Related Weaknesses (CWE)

References

FAQ

What is CVE-2018-17796?

CVE-2018-17796 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, res...

How severe is CVE-2018-17796?

CVE-2018-17796 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-17796?

Check the references section above for vendor advisories and patch information. Affected products include: Mushroom Content Management System Project Mushroom Content Management System.