exploitDog

GHSA-vpq9-rx6p-23hj

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php.

Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php.

Ссылки

EPSS

Процентиль: 84%

0.02298

Низкий

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2014-1401

nvd

почти 12 лет назад

Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php.

EPSS

Процентиль: 84%

0.02298

Низкий

CVE ID

Дефекты

CWE-89