Описание
Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter.
Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-9096
- https://github.com/Pligg/pligg-cms/commit/4891c4d8742b9dabd67e7250840e3434865aebed
- https://github.com/Pligg/pligg-cms/commit/efb967b944375cd3ea3cd84c80d86d339dbe030e
- http://packetstormsecurity.com/files/127615/Pligg-2.0.1-SQL-Injection-Command-Execution.html
- http://seclists.org/fulldisclosure/2014/Jul/136
- http://www.securityfocus.com/bid/68893
Связанные уязвимости
nvd
около 11 лет назад
Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter.