exploitDog

GHSA-hm3p-p4mh-5w98

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.2

Описание

SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter.

SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter.

Ссылки

EPSS

Процентиль: 63%

0.00456

Низкий

7.2 High

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2016-10008

CVSS3: 7.2

nvd

почти 8 лет назад

SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter.

EPSS

Процентиль: 63%

0.00456

Низкий

7.2 High

CVSS3

CVE ID

Дефекты

CWE-89