exploitDog

GHSA-8w7v-3vv4-c289

Опубликовано: 21 фев. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary code via the query parameter in the /admin/convert/export_z3950.php endpoint.

SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary code via the query parameter in the /admin/convert/export_z3950.php endpoint.

Ссылки

EPSS

Процентиль: 79%

0.01267

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2023-37177

CVSS3: 9.8

nvd

почти 2 года назад

SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary code via the query parameter in the /admin/convert/export_z3950.php endpoint.

EPSS

Процентиль: 79%

0.01267

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89