Multiple SQL Injections in Publisure 2.1.2 Secure Portal

Multiple SQL Injections in Publisure 2.1.2 Secure Portal

CVE-2019-14254 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account "user" in order to become "Administrator" (for example).

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.