CVE-2017-20195 MEDIUM

CVE-2017-20195: LUNAD3v AreaLoad request.php sql injection

Vendor Lunad3V
Product AreaLoad
Weakness CWE-89 · SQLi
Published October 29, 2024
Last update October 29, 2024
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in LUNAD3v AreaLoad up to 1a1103182ed63a06dde63d1712f3262eda19c3ec. It has been rated as critical. This issue affects some unknown processing of the file request.php. The manipulation of the argument phone leads to sql injection. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 264813c546dba03989ac0fc365f2022bf65e3be2. It is recommended to apply a patch to fix this issue.

Key dates

02Disclosure timeline

October 29, 2024 CVE published
October 29, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-12248 CLTPHP search.html sql injection CVE-2026-7618 EnvíaloSimple: Email Marketing y Newsletters <= 2.4.5 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter CVE-2025-63029 WordPress WCFM Marketplace plugin <= 3.7.1 - SQL Injection vulnerability CVE-2016-9488 ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection vulnerabilities CVE-2025-10042 Quiz Maker <= 6.7.0.56 - Unauthenticated SQL Injection