exploitDog

GHSA-5fgp-c4mg-4552

Опубликовано: 23 дек. 2021

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘firm_filter’ parameter.

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘firm_filter’ parameter.

Ссылки

EPSS

Процентиль: 79%

0.01194

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2021-21925

CVSS3: 6.5

nvd

около 4 лет назад

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘firm_filter’ parameter.

BDU:2021-06287

CVSS3: 7.7

fstec

больше 4 лет назад

Уязвимость параметра firm_filter компонента «список устройств» (device_list) программного средства мониторинга состояния и функций маршрутизаторов Advantech R-SeeNet, позволяющая нарушителю проводить межсайтовые сценарные атаки

EPSS

Процентиль: 79%

0.01194

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-89