exploitDog

GHSA-2mhr-7vwh-hrjc

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter.

SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter.

Ссылки

EPSS

Процентиль: 90%

0.05854

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2015-7568

CVSS3: 9.8

nvd

почти 9 лет назад

SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter.

EPSS

Процентиль: 90%

0.05854

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89