CVE-2017-18346

CRITICAL

Cms Web-gooroo < 2013-01-19 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in /wbg/core/_includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbg_login parameter.

Exploits (1)

exploitdb WRITEUP

by Kaimi · textwebappsphp

https://www.exploit-db.com/exploits/42577

View Code ZIP pw:eip

References (2)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.123295

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/42577/

Scores

CVSS v3 9.8

EPSS 0.0132

EPSS Percentile 79.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

web-gooroo/cms_web-gooroo < 2013-01-19

Published Jul 03, 2019

Tracked Since Feb 18, 2026