CVE-2018-1000630
-
Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to /api/PluginStatusActions.php and /status/pluginStatus.php using the jtSorting or id parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000630
© Lightnetics 2024