CVE-2018-17552: SQL Injection
First published: Wed Oct 03 2018(Updated: )
SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Naviwebs Navigate CMS | =2.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-17552?
The severity of CVE-2018-17552 is rated as critical with a score of 9.8.
How does SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allow remote attackers to bypass authentication?
SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication by exploiting the navigate-user cookie.
What software is affected by CVE-2018-17552?
Naviwebs Navigate CMS version 2.8 is affected by CVE-2018-17552.
Is there a fix available for CVE-2018-17552?
Yes, a fix for CVE-2018-17552 is available. Please refer to the provided links for more information.
Which Common Weakness Enumeration (CWE) category does CVE-2018-17552 belong to?
CVE-2018-17552 belongs to CWE category 89, which is Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection').
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- vendor/naviwebs
- canonical/naviwebs navigate cms
- version/naviwebs navigate cms/2.8