What the vulnerability does
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aldo Latino PrivateContent private-content. This issue affects PrivateContent: from n/a through <= 8.11.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Explanation of Vulnerability in Simple Terms
PrivateContent versions 8.11.4 and earlier contain a SQL injection vulnerability accessible to authenticated users. An attacker with low-level account access can craft malicious input to execute arbitrary SQL queries against the site database. This can lead to unauthorized data disclosure and potential service disruption. Update to a version newer than 8.11.4.
What an attacker can do
Read sensitive data from the site database and cause service disruption via SQL injection.
Potential impact on your site
Unauthorized access to database contents including user data, posts, and configuration; potential site downtime.
Conditions required to exploit
Attacker must have a low-privilege user account on the site; no user interaction required.