CVE-2019-7748

Published: 11/02/2019 Updated: 12/02/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

_includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists.

Affected Products

Vendor: Dbninja | Product: Dbninja | Versions: 3.2.7

Github Repositories

CVEnotes: The discovery of these vulnerabilities is to work with my colleagues
CVE ID | Product | Attack Vector | Reference
CVE-2018-18950 | KindEditor | Directory Traversal | [CVE][Description]
CVE-2018-19340 | Guriddo Form PHP | Cross-Site Scripting (XSS) | [CVE][Description]
CVE-2018-19434 | webERP | SQL injection (Blind) | [CVE][Description]
CVE-2018-19435 | webERP | SQL injection (Blind) | [

Architecture: These exploits of CVEs are together with my colleagues
CVE ID | Attack Vector | Product | Reference
CVE-2019-7748 | Broken Authentication | DbNinja | [1][2]
CVE-2019-7747 | Broken Authentication | DbNinja | [1][2]
CVE-2019-7731 | Remote Code Execution (RCE) | MyWebSQL | [1][2]
CVE-2019-7730 | Cross-site request forgery (CSRF) | MyWebSQL | [1][2]
CVE-2019-7661 | (Wait for Published)