What the vulnerability does
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in fs-code FS Poster fs-poster. This issue affects FS Poster: from n/a through <= 6.5.8.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Explanation of Vulnerability in Simple Terms
FS Poster versions 6.5.8 and earlier contain a SQL injection vulnerability in database query handling. An authenticated user with low privileges can craft malicious input to execute arbitrary SQL commands. This can expose sensitive data across the application and degrade performance. Update to a version newer than 6.5.8.
What an attacker can do
Execute arbitrary SQL queries to read sensitive data from the database.
Potential impact on your site
Unauthorized access to database contents including user data, posts, and configuration; potential service disruption.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.