MINMAX /newsDia.php id sql injection

EntryHistoryDiffjsonxmlCTI

A vulnerability classified as critical has been found in MINMAX. This affects an unknown part of the file /newsDia.php. The manipulation of the argument id leads to sql injection. The CWE definition for the vulnerability is CWE-89. The weakness was disclosed 07/04/2020 by Mostafa Farzaneh. This vulnerability is uniquely identified as CVE-2020-36535. It is possible to initiate the attack remotely. Technical details are available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment. MITRE ATT&CK project uses the attack technique T1505 for this issue. It is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

1	22

Field

exploit_price_0day	2
cna_responsible	1
source_cve	1
vulnerability_cwe	1
vulnerability_cvss3_vuldb_pr	1

Commit Conf

100%	21
90%	8
96%	4
60%	2
95%	2

Approve Conf

100%	21
90%	8
96%	4
60%	2
95%	2

ID	Commited	User	Field	Change	Remarks	Accepted	Status	C
12579821	06/03/2022	VulD...	price_0day	$0-$5k	see exploit price documentation	06/03/2022	accepted	90
12579820	06/03/2022	VulD...	responsible	VulDB		06/03/2022	accepted	100
12579819	06/03/2022	VulD...	cve	CVE-2020-36535	cve.org	06/03/2022	accepted	100
10353428	08/17/2020	VulD...	cwe	89 (sql injection)		08/17/2020	accepted	90
10353436	08/17/2020	VulD...	cvss3_vuldb_pr	L	see CVSS documentation	08/17/2020	accepted	60
10353435	08/17/2020	VulD...	cvss2_vuldb_au	S	see CVSS documentation	08/17/2020	accepted	60
10353434	08/17/2020	VulD...	cvss3_vuldb_rc	U	see CVSS documentation	08/17/2020	accepted	90
10353433	08/17/2020	VulD...	cvss3_vuldb_rl	X	see CVSS documentation	08/17/2020	accepted	90
10353432	08/17/2020	VulD...	cvss3_vuldb_e	X	see CVSS documentation	08/17/2020	accepted	90
10353431	08/17/2020	VulD...	cvss2_vuldb_rc	UC	see CVSS documentation	08/17/2020	accepted	90
10353430	08/17/2020	VulD...	cvss2_vuldb_rl	ND	see CVSS documentation	08/17/2020	accepted	90
10353429	08/17/2020	VulD...	cvss2_vuldb_e	ND	see CVSS documentation	08/17/2020	accepted	90
10353427	08/17/2020	VulD...	price_0day	$0-$5k	see exploit price documentation	08/17/2020	accepted	100
10353426	08/17/2020	VulD...	person_name	Mostafa Farzaneh		08/17/2020	accepted	100
10353425	08/17/2020	VulD...	date	1593820800 (07/04/2020)		08/17/2020	accepted	100
10353424	08/17/2020	VulD...	cvss3_vuldb_a	L	see CVSS documentation	08/17/2020	accepted	100
10353423	08/17/2020	VulD...	cvss3_vuldb_i	L	see CVSS documentation	08/17/2020	accepted	100
10353422	08/17/2020	VulD...	cvss3_vuldb_c	L	see CVSS documentation	08/17/2020	accepted	100
10353421	08/17/2020	VulD...	cvss3_vuldb_s	U	see CVSS documentation	08/17/2020	accepted	100
10353420	08/17/2020	VulD...	cvss3_vuldb_ui	N	see CVSS documentation	08/17/2020	accepted	100

17 more entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 17 results.

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!