GHSA-7rvp-xqj7-rxf2

Опубликовано: 11 авг. 2023

Источник: github

Github: Прошло ревью

CVSS3: 8.8

Описание

Withdrawn Advisory: Daylight Studio FUEL-CMS SQLi Vulnerability

Withdrawn Advisory

This advisory has been withdrawn because this vulnerability does not affect a package in a supported ecosystem. This link has been maintained to preserve external references.

Original Description

SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items.

Ссылки

Пакеты

Наименование

codeigniter/framework

composer

Затронутые версииВерсия исправления

<= 1.4.9

1.4.10

EPSS

Процентиль: 87%

0.03442

Низкий

8.8 High

CVSS3

CVE ID

CVE-2020-24950

Дефекты

CWE-89

Связанные уязвимости

CVE-2020-24950

CVSS3: 8.8

nvd

больше 2 лет назад

SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items.

EPSS

Процентиль: 87%

0.03442

Низкий

8.8 High

CVSS3

CVE ID

CVE-2020-24950

Дефекты

CWE-89