What the vulnerability does
Subscriber-level SQL injection in Unicamp versions <= 2.2.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Explanation of Vulnerability in Simple Terms
Unicamp versions up to and including 2.2.2 contain a SQL injection vulnerability in a database query; exploiting it requires only low-privileged authentication. An attacker with a user account can craft malicious input to read sensitive data from the database or disrupt site availability. The vector's changed scope (S:C) means the impact can reach beyond the vulnerable component itself, so multiple users across the platform may be affected.
What an attacker can do
Read sensitive database records and cause partial service disruption.
Potential impact on your site
User data and site configuration may be exposed; site performance may degrade.
Conditions required to exploit
Attacker must have a valid user account on the site.