{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-25T13:37:34.723","vulnerabilities":[{"cve":{"id":"CVE-2018-5384","sourceIdentifier":"cret@cert.org","published":"2018-07-24T15:29:01.030","lastModified":"2024-11-21T04:08:42.813","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection. If successfully exploited the user can get info from the underlying postgresql database that could lead into to total compromise of the product. The said script is available with no authentication."},{"lang":"es","value":"La interfaz web de Navarino Infinity hasta la versión 2.2 expone un script no autenticado que es propenso a una inyección SQL ciega. Si se explota con éxito, el usuario puede obtener información de la base de datos de postgresql subyacente que podría conducir al compromiso total del producto. Este script está disponible sin autenticación."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cret@cert.org","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:navarino:infinity:*:*:*:*:*:*:*:*","versionEndExcluding":"2.2","matchCriteriaId":"D23916EE-F477-42AF-BF89-0CDF1D532013"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/103544","source":"cret@cert.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://medium.com/%40evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3","source":"cret@cert.org"},{"url":"https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-Injection-Session-Fixation.html","source":"cret@cert.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.kb.cert.org/vuls/id/184077","source":"cret@cert.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/103544","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://medium.com/%40evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-Injection-Session-Fixation.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.kb.cert.org/vuls/id/184077","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}}]}