TalosCVE-2016-9048CVE-2016-9048
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
28.8%
Multiple exploitable SQL Injection vulnerabilities exists in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain setups access the underlying operating system.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| processmaker | processmaker | 3.0.1.7 | cpe:2.3:a:processmaker:processmaker:3.0.1.7:*:*:*:community:*:*:* |
| processmaker | processmaker | 3.0.1.7 | cpe:2.3:a:processmaker:processmaker:3.0.1.7:*:*:*:enterprise:*:*:* |
CNA Affected
[
{
"product": "ProcessMaker Enterprise",
"vendor": "ProcessMaker",
"versions": [
{
"status": "affected",
"version": "ProcessMaker Enterprise Core 3.0.1.7-community"
}
]
}
]Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
28.8%