CVE-2019-11362

Published April 20th, 2019

View on NVD ↗

CVSS v3

N/A

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score paramter, as demonstrated by the /do/reward/3 URI.

rocboss/ROCBOSS-OLD

High load, simple micro community software

GitHub

246