exploitDog

GHSA-9q42-phh7-m5r2

Опубликовано: 23 мар. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.

Ссылки

EPSS

Процентиль: 87%

0.03203

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2022-26285

CVSS3: 9.8

nvd

почти 4 года назад

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.

EPSS

Процентиль: 87%

0.03203

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89