exploitDog

GHSA-8v6p-w5r6-7f2j

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

Описание

SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the auction_id parameter, a different vector than CVE-2009-0106.

SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the auction_id parameter, a different vector than CVE-2009-0106.

Ссылки

EPSS

Процентиль: 52%

0.00288

Низкий

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2008-6663

nvd

почти 17 лет назад

SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the auction_id parameter, a different vector than CVE-2009-0106.

EPSS

Процентиль: 52%

0.00288

Низкий

CVE ID

Дефекты

CWE-89