Описание
Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote attackers to use arbitrary profiles via unknown vectors involving "'smart' values for userid and password," probably involving an SQL injection vulnerability in the (1) pass and (2) usr parameters in submit.php.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:phplogcon:phplogcon:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:phplogcon:phplogcon:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:phplogcon:phplogcon:1.2.1:*:*:*:*:*:*:*
EPSS
Процентиль: 77%
0.01035
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote attackers to use arbitrary profiles via unknown vectors involving "'smart' values for userid and password," probably involving an SQL injection vulnerability in the (1) pass and (2) usr parameters in submit.php.
EPSS
Процентиль: 77%
0.01035
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other