CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-5386 – Some Navarino Infinity functions placed in the URL can bypass any authentication mechanism leading to an information leak
https://notcve.org/view.php?id=CVE-2018-5386
Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism leading to an information leak. Algunas funciones de Navarino Infinity, hasta la versión 2.2, pueden omitir cualquier mecanismo de autenticación si se colocan en la URL, lo que conduce a una fuga de información. • http://www.securityfocus.com/bid/103544 https://medium.com/%40evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3 https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-Injection-Session-Fixation.html https://www.kb.cert.org/vuls/id/184077 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-288: Authentication Bypass Using an Alternate Path or Channel •