Vulnerability Description
Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection. If successfully exploited the user can get info from the underlying postgresql database that could lead into to total compromise of the product. The said script is available with no authentication.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Navarino | Infinity | < 2.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103544Third Party AdvisoryVDB Entry
- https://medium.com/%40evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3
- https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-InjectiExploitThird Party AdvisoryVDB Entry
- https://www.kb.cert.org/vuls/id/184077Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/103544Third Party AdvisoryVDB Entry
- https://medium.com/%40evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3
- https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-InjectiExploitThird Party AdvisoryVDB Entry
- https://www.kb.cert.org/vuls/id/184077Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-5384?
CVE-2018-5384 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection. If successfully exploited the user can get info from the underlying postgresql...
How severe is CVE-2018-5384?
CVE-2018-5384 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-5384?
Check the references section above for vendor advisories and patch information. Affected products include: Navarino Infinity.