CVE-2018-5384

CVE-2018-5384: Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection

Vendor Navarino

Product Infinity

Weakness CWE-89 · SQLi

Published July 24, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection. If successfully exploited the user can get info from the underlying postgresql database that could lead into to total compromise of the product. The said script is available with no authentication.

Key dates

02Disclosure timeline

July 24, 2018 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-5384 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2026-20947 Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2023-7141 code-projects Client Details System update-clients.php sql injection CVE-2023-1984 SourceCodester Complaint Management System POST Parameter check_availability.php sql injection CVE-2024-7099 SQL Injection in netease-youdao/qanything CVE-2023-1099 SourceCodester Online Student Management System edit-class-detail.php sql injection