exploitDog

GHSA-hpg8-q284-3cc6

Опубликовано: 02 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php.

Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php.

Ссылки

EPSS

Процентиль: 80%

0.01371

Низкий

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2009-0963

nvd

почти 17 лет назад

Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php.

EPSS

Процентиль: 80%

0.01371

Низкий

CVE ID

Дефекты

CWE-89