1 results (0.009 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2

CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt. CSP MySQL User Manager 2.3.1 permite la inyección SQL y una omisión de autenticación resultante mediante un nombre de usuario manipulado durante un intento de inicio de sesión. CSP MySQL User Manager version 2.3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass. • https://www.exploit-db.com/exploits/44589 https://github.com/dukereborn/cmum/commit/c89158ec646c4e8e95587b650f6fd86b502ff8b5 https://packetstormsecurity.com/files/147501/cspmysqlum231-sql.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •