GHSA-vhrq-rr5q-mpp9

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2012-2105
https://exchange.xforce.ibmcloud.com/vulnerabilities/73680
http://archives.neohapsis.com/archives/bugtraq/2012-03/0011.html
http://secunia.com/advisories/48239
http://sourceforge.net/apps/mantisbt/tsheetx/view.php?id=122
http://www.exploit-db.com/exploits/18554
http://www.openwall.com/lists/oss-security/2012/04/16/4
http://www.openwall.com/lists/oss-security/2012/04/16/7
http://www.osvdb.org/79804
http://www.securityfocus.com/bid/52270

EPSS

Процентиль: 64%

0.00462

Низкий

CVE ID

CVE-2012-2105

Дефекты

CWE-89

Связанные уязвимости

CVE-2012-2105

nvd

больше 13 лет назад

Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.

EPSS

Процентиль: 64%

0.00462

Низкий

CVE ID

CVE-2012-2105

Дефекты

CWE-89