XpressEngine up to 1.4.4 Update Query SQL injection

07-Feb-23

XpressEngine up to version 1.4.4 was found to be vulnerable. The issue is rated critical. It affects unidentified processing in the Update Query Handler component. Manipulating this processing results in SQL injection. The vulnerability is classified as CWE-89. The vulnerability was identified as c6e94449f21256d6362450b29c7847305e756ad5 on February 6, 2023. The advisory is available at github.com. This vulnerability is designated CVE-2011-10003. The attack requires access to the local network to succeed. Technical details are not available. No exploit is available. Currently, an exploit may cost between US $0 and $5k. According to MITRE ATT&CK, this issue uses the attack technique T1505. It has been declared to be undefined.
