exploitDog

GHSA-3pvc-g892-vvj8

Опубликовано: 01 мая 2022

Источник: github

Github: Не прошло ревью

Описание

SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS).

SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS).

Ссылки

EPSS

Процентиль: 83%

0.01932

Низкий

CVE ID

Связанные уязвимости

CVE-2007-0693

nvd

больше 18 лет назад

SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS).

EPSS

Процентиль: 83%

0.01932

Низкий

CVE ID