CVE-2019-19732
Severity: High | WAF: High
CVSS 7.2
Published: 2019-12-30
CWE-89
translation_manage_text.ajax.php and various *_manage.ajax.php scripts in MFScripts YetiShare 3.5.2 through 4.5.3 insert values from the aSortDir_0 and/or sSortDir_0 parameters directly into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection.
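The defect class described above is a client-controlled sort direction spliced into the query text. The following added example (not YetiShare code) shows how a list-endpoint handler keeps such a parameter out of the SQL string: the direction and column are mapped onto server-defined allowlists and everything else is bound as a typed parameter. It assumes an existing PDO connection, a hypothetical `file` table with the listed columns, and DataTables-style request parameter names (iSortCol_0, iDisplayLength, iDisplayStart, sSearch) alongside the sSortDir_0 parameter named in the advisory.

```php
<?php
// Added illustration, not YetiShare code. Assumes a PDO connection $pdo and a
// hypothetical table `file`; request parameter names follow the DataTables
// server-side convention (sSortDir_0 is the one named in the advisory).
declare(strict_types=1);

// Map a user-controlled sort direction onto one of two fixed SQL keywords.
// Anything other than "desc" (case-insensitive) falls back to ASC, so the
// request value never contributes characters to the query text.
function safeSortDirection(?string $raw): string
{
    return strtolower(trim((string) $raw)) === 'desc' ? 'DESC' : 'ASC';
}

// Map a client-supplied column index onto a server-defined allowlist.
// Identifiers cannot be bound as prepared-statement parameters, so the
// column name must come from application code, never from the request.
function safeSortColumn(?string $rawIndex, array $allowed): string
{
    $i = filter_var($rawIndex, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return ($i !== false && isset($allowed[$i])) ? $allowed[$i] : $allowed[0];
}

// Vulnerable pattern (the bug class in the advisory), shown only for contrast:
//   $sql = "SELECT ... ORDER BY id " . $_REQUEST['sSortDir_0'];
// Here the raw value becomes part of the SQL text and can alter the query.

// Hardened handler: ORDER BY is built only from allowlisted tokens; the
// search term and paging values are bound with explicit types.
function listFiles(PDO $pdo, array $request): array
{
    $columns = ['id', 'original_filename', 'file_size', 'upload_date']; // hypothetical
    $orderBy = safeSortColumn($request['iSortCol_0'] ?? null, $columns);
    $dir     = safeSortDirection($request['sSortDir_0'] ?? null);
    $limit   = max(1, min(100, (int) ($request['iDisplayLength'] ?? 25)));
    $offset  = max(0, (int) ($request['iDisplayStart'] ?? 0));

    $sql = "SELECT id, original_filename, file_size, upload_date
            FROM file
            WHERE original_filename LIKE :needle
            ORDER BY {$orderBy} {$dir}
            LIMIT :limit OFFSET :offset";
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':needle', '%' . (string) ($request['sSearch'] ?? '') . '%', PDO::PARAM_STR);
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
```

A WAF rule in the 942xxx group can catch many payloads in sSortDir_0, but the allowlist above removes the injection point regardless of what the parameter contains.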
WAF Coverage Analysis
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| mfscripts | yetishare | 3.5.2 - 4.5.3 |
References
- github.com (Exploit, Third Party Advisory)
- medium.com