CVE-2018-18982: SQL Injection
First published: Tue Nov 27 2018(Updated: )
NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nuuo Nuuo Cms | <=3.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-18982?
CVE-2018-18982 is classified as a high severity vulnerability due to its potential for arbitrary code execution.
How do I fix CVE-2018-18982?
To fix CVE-2018-18982, upgrade to a version of NUUO CMS later than 3.3 that addresses the SQL injection vulnerability.
What type of vulnerability is CVE-2018-18982?
CVE-2018-18982 is an SQL injection vulnerability in the NUUO CMS web server application.
What are the risks associated with CVE-2018-18982?
The risks associated with CVE-2018-18982 include potential unauthorized access and execution of arbitrary code on the affected systems.
What versions of NUUO CMS are affected by CVE-2018-18982?
All versions of NUUO CMS up to and including version 3.3 are affected by CVE-2018-18982.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/tags
- agent/event
- agent/description
- agent/source
- vendor/nuuo
- canonical/nuuo nuuo cms
- version/nuuo nuuo cms/3.3