MidnightBSD

Advisories for crashfix_project

CVE-2018-20508 HIGH

CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex in UserController.php, and the protected\models\User.php search() function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
crashfix_project crashfix 1.0.4