CVE-2018-19654

Published: Nov 29, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a duplicate username, as demonstrated by use of the test%c2 string when a test account already exists.

Affected (1)

Products: Sales & Company Management System Project: Sales & Company Management System

Sales & Company Management System Project

1 product

Sales & Company Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sales & Company Management System Project Sales & Company Management System	Up to 2018-06-06

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://github.com/Venan24/SCMS/issues/1

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/Venan24/SCMS/issues/1

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.