Vulnerability Description
WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based blind, and stacked query attacks against the backend database.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Web-Ofisi | E-Ticaret | <= 4.0.0 |
Related Weaknesses (CWE)
References
- https://drive.google.com/file/d/1ZghFSsYto-Vpv3PXunx8xm2g-Gs3HJwz/view?usp=shariBroken Link
- https://www.exploit-db.com/exploits/45897ExploitThird Party AdvisoryVDB Entry
- https://www.vulncheck.com/advisories/webofisi-e-ticaret-sql-injection-via-urun-pThird Party Advisory
- https://www.web-ofisi.comProduct
FAQ
What is CVE-2018-25210?
CVE-2018-25210 is a vulnerability with a CVSS score of 8.2 (HIGH). WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQ...
How severe is CVE-2018-25210?
CVE-2018-25210 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-25210?
Check the references section above for vendor advisories and patch information. Affected products include: Web-Ofisi E-Ticaret.