vendor:
Ultrastats
by:
eeee eeee e e
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Ultrastats
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
Ultrastats exploit by eeee eeee e e
This exploit affects all versions of Ultrastats, including version 0.3.11 and 0.2.144. It allows an attacker to inject malicious SQL code into the Ultrastats database, potentially allowing them to gain access to sensitive information or modify the database.
Mitigation:
Developers should ensure that all user-supplied input is properly sanitized and validated before being used in any SQL queries.