CVE-2018-17110

2018-09-1704:00:00

mitre

www.cve.org

AI Score

9.8

Confidence

High

EPSS

0.003

Percentile

68.8%

JSON

Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1.

References

www.exploit-db.com/exploits/45328/