Boletines de Vulnerabilidades

MSA-21-0014: Blind SQL injection possible via MNet authentication

Información sobre el sistema

Software afectado PHP


by Michael Hawkins. An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair.Severity/Risk:SeriousVersions affected:3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versionsVersions fixed:3.11, 3.10.4, 3.9.7, 3.8.9 and 3.5.18Reported by:Rekter0CVE identifier:CVE-2021-32474Changes

More info:

Identificadores estándar

Propiedad Valor
CVE CVE-2021-32474.

Histórico de versiones

Versión Comentario Fecha
1.0 Advisory issued 2021-05-18

Miembros de

Ministerio de Defensa