CVE-2017-14738

Published: 30/09/2017 Updated: 10/10/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function).

Vulnerable Product

filerun filerun

Exploits

    #!/usr/bin/env python
    # Exploit Title: FileRun <= 2017.09.18
    # Date: September 29, 2017
    # Exploit Author: SPARC
    # Vendor Homepage: www.filerun.com/
    # Software Link: fafianse/wl/?id=EHQhXhXLGaMFU7jI8mYNRN8vWkG9LUVP&recipient=d3d3LmZpbGVydW4uY29t
    # Version: 2017.09.18
    # Tested on: Ubuntu 16.04.3, Apache 2.4.7, PHP 7.0
    # CVE : C ...
FileRun versions 2017.09.18 and below suffer from a remote SQL injection vulnerability ...