Shipping System CMS 1.0 contains an SQL injection vulnerability in its admin login functionality. An unauthenticated attacker can inject malicious SQL code into the username parameter of the admin login endpoint to bypass authentication and gain unauthorized administrative access.
Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious SQL payloads using boolean-based blind techniques in POST requests to the admin login endpoint to authenticate without valid credentials.
Shipping System CMS 1.0 installations are at high risk of complete administrative compromise due to an authentication bypass via SQL injection.
Remediation Recommended
This vulnerability carries significant risk. Schedule patching in your next cycle.
What should I do?
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| wecodex | shipping_system_cms | - | - |
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Affected products: 1 (wecodex / shipping_system_cms)
References: 3