Описание
Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to execute arbitrary SQL commands via the catid parameter to (1) default.asp or (2) buyersend.asp, (3) Administrator ID field in admin.asp, E-mail field in (4) advertiserstart.asp or (5) buyer.asp, or Keyword field in search.asp.
Ссылки
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:active_web_softwares:activebuyandsell:6.2:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.0236
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to execute arbitrary SQL commands via the catid parameter to (1) default.asp or (2) buyersend.asp, (3) Administrator ID field in admin.asp, E-mail field in (4) advertiserstart.asp or (5) buyer.asp, or Keyword field in search.asp.
EPSS
Процентиль: 85%
0.0236
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other