7.5
CVSSv2

CVE-2019-7731

Published: 11/02/2019 Updated: 12/02/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 723
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file.

Vulnerability Trend

Affected Products

Vendor Product Versions
MywebsqlMywebsql3.7

Github Repositories

CVEnotes The discovery of these vulnerability is to work with my colleagues CVE ID Product Attack Vector Reference CVE-2018-18950 KindEditor Directory Traversal [CVE][Description] CVE-2018-19340 Guriddo Form PHP Cross-Site Scripting (XSS) [CVE][Description] CVE-2018-19434 webERP SQL injection (Blind) [CVE][Description] CVE-2018-19435 webERP SQL injection (Blind) [

CVEnotes The discovery of these vulnerability is to work with my colleagues CVE ID Product Attack Vector Reference CVE-2018-18950 KindEditor Directory Traversal [CVE][Description] CVE-2018-19340 Guriddo Form PHP Cross-Site Scripting (XSS) [CVE][Description] CVE-2018-19434 webERP SQL injection (Blind) [CVE][Description] CVE-2018-19435 webERP SQL injection (Blind) [

Architecture These exploit of CVEs is together with my colleagues CVE ID Attack Vector Product Reference CVE-2019-7748 Broken Authentication DbNinja [1][2] CVE-2019-7747 Broken Authentication DbNinja [1][2] CVE-2019-7731 Remote Code Execution (RCE) MyWebSQL [1][2] CVE-2019-7730 Cross-site request forgery (CSRF) MyWebSQL [1][2] CVE-2019-7661 (Wait for Published)