CVE-2018-10757 – CSP MySQL User Manager 2.3.1 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2018-10757
CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt. CSP MySQL User Manager 2.3.1 permite la inyección SQL y una omisión de autenticación resultante mediante un nombre de usuario manipulado durante un intento de inicio de sesión. CSP MySQL User Manager version 2.3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass. • https://www.exploit-db.com/exploits/44589 https://github.com/dukereborn/cmum/commit/c89158ec646c4e8e95587b650f6fd86b502ff8b5 https://packetstormsecurity.com/files/147501/cspmysqlum231-sql.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2014-1466
https://notcve.org/view.php?id=CVE-2014-1466
SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page. Vulnerabilidad de inyección de SQL en CSP MySQL User Manager 2.3 permite a atacantes remotos ejecutar comandos de SQL arbitrarios a través del campo de login de la página de inicio de sesión. • http://osvdb.org/101867 http://packetstormsecurity.com/files/124724/cspmysql-sql.txt http://secunia.com/advisories/56348 http://www.securityfocus.com/bid/64731 https://exchange.xforce.ibmcloud.com/vulnerabilities/90210 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •