FKIE_CVE-2017-12757

Vulnerability from fkie_nvd - Published: 2019-05-09 18:29 - Updated: 2024-11-21 03:10
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B Script 4.42i and Tech Business Networking Script 8.26i and Tech Caregiver Script 2.71i and Tech Classifieds Script 7.41i and Tech Dating Script 3.40i and Tech Freelancer Script 5.27i and Tech Image Sharing Script 4.13i and Tech Job Script 9.27i and Tech Movie Script 7.51i and Tech Multi Vendor Script 6.63i and Tech Social Networking Script 3.08i and Tech Travel Script 9.49. The impact is: Code execution (remote).
References
cve@mitre.orghttp://ambit.comNot Applicable
cve@mitre.orghttp://itech.comProduct
cve@mitre.orghttps://www.exploit-db.com/exploits/42507Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://ambit.comNot Applicable
af854a3a-2127-422b-91ae-364da2661108http://itech.comProduct
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/42507Exploit, Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
ambittechnologies itech_b2b_script 4.42i
ambittechnologies itech_business_networking_script 8.26i
ambittechnologies itech_caregiver_script 2.71i
ambittechnologies itech_classifieds_script 7.41i
ambittechnologies itech_dating_script 3.40i
ambittechnologies itech_freelancer_script 5.27i
ambittechnologies itech_image_sharing_script 4.13i
ambittechnologies itech_job_script 9.27i
ambittechnologies itech_movie_script 7.51i
ambittechnologies itech_multi_vendor_script 6.63i
ambittechnologies itech_social_networking_script 3.08i
ambittechnologies itech_travel_script 9.49
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ambittechnologies:itech_b2b_script:4.42i:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CE8E077-00E7-4D2E-8687-E06D1D783848",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ambittechnologies:itech_business_networking_script:8.26i:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F9FF2F-262F-4347-BFAA-39FEA7F6C53C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ambittechnologies:itech_caregiver_script:2.71i:*:*:*:*:*:*:*",
              "matchCriteriaId": "79335270-FDBA-471E-92E8-3F5FEAF412C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ambittechnologies:itech_classifieds_script:7.41i:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB3B4ECA-A369-4663-A3AF-D9993D626ED4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ambittechnologies:itech_dating_script:3.40i:*:*:*:*:*:*:*",
              "matchCriteriaId": "51CD7C57-4B51-456E-8C79-154DCA795FDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ambittechnologies:itech_freelancer_script:5.27i:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4EFAD16-D639-4304-B650-EAB91CB84C73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ambittechnologies:itech_image_sharing_script:4.13i:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E8AB1C0-0077-4BCE-823E-AB7ECE4AA37A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ambittechnologies:itech_job_script:9.27i:*:*:*:*:*:*:*",
              "matchCriteriaId": "486B3E2E-4CF9-47BF-BC3B-0D02A6D2ADED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ambittechnologies:itech_movie_script:7.51i:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA28A846-FEAA-4028-95E2-83CBCFD89153",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ambittechnologies:itech_multi_vendor_script:6.63i:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CE0AB6B-8DA4-494F-8526-B928CABD8EDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ambittechnologies:itech_social_networking_script:3.08i:*:*:*:*:*:*:*",
              "matchCriteriaId": "06A1E4C5-1D49-40EA-AFDB-5127A92F21A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ambittechnologies:itech_travel_script:9.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "1447341F-A7E7-49B1-9BC1-19ED2B6C4F69",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B Script 4.42i and Tech Business Networking Script 8.26i and Tech Caregiver Script 2.71i and Tech Classifieds Script 7.41i and Tech Dating Script 3.40i and Tech Freelancer Script 5.27i and Tech Image Sharing Script 4.13i and Tech Job Script 9.27i and Tech Movie Script 7.51i and Tech Multi Vendor Script 6.63i and Tech Social Networking Script 3.08i and Tech Travel Script 9.49. The impact is: Code execution (remote)."
    },
    {
      "lang": "es",
      "value": "Algunos productos de Ambit Technologies Pvt. Ltd. se ven afectados por: Inyecci\u00f3n SQL. Esto afecta a iTech B2B Script 4.42i y Tech Business Networking Script 8.26i y Tech Caregiver Script 2.71i y Tech Classifieds Script 7.41i y Tech Dating Script 3.40i y Tech Freelancer Script 5.27i y Tech Image Sharing Script 4.13i y Tech Job Script 9.27i y Tech Movie Script 7.51i y Tech Multi Vendor Script 6.63i y Tech Social Networking Script 3.08i y Tech Travel Script 9.49. El impacto es: Ejecuci\u00f3n de c\u00f3digo (remota)."
    }
  ],
  "id": "CVE-2017-12757",
  "lastModified": "2024-11-21T03:10:08.520",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-09T18:29:01.883",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://ambit.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "http://itech.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/42507"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://ambit.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "http://itech.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/42507"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.