exploitDog

GHSA-4wvm-346h-cg2w

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

Описание

SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector is already covered by CVE-2008-4157.

SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector is already covered by CVE-2008-4157.

Ссылки

EPSS

Процентиль: 66%

0.00517

Низкий

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2015-2563

nvd

почти 11 лет назад

SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector is already covered by CVE-2008-4157.

EPSS

Процентиль: 66%

0.00517

Низкий

CVE ID

Дефекты

CWE-89