CVE Catalog

CVE-2016-20063

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Summary

Single Personal Message version 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attackers can access the admin interface and supply crafted SQL statements to extract sensitive database information.

Risk Assessment

This vulnerability poses a serious risk to organizations by allowing attackers to access sensitive data, including user credentials and site configuration. This could lead to security breaches and loss of user trust.

Recommendation

It is recommended to upgrade to the latest version of Single Personal Message to eliminate this vulnerability. Additionally, implementing further security measures such as input validation and restricting access to the admin interface is advisable.

Original NVD description (English source)

Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attackers can access the admin interface and supply crafted SQL statements in the message parameter to extract sensitive database information including user credentials and site configuration data.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS