Описание
SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the $log_userid variable in (1) index.php and (2) admin/index.php.
Комментарий
Successful exploitation requires that the "magic_quotes_gpc" parameter is disabled.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:dsportal:dslogin:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02224
Низкий
5.1 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the $log_userid variable in (1) index.php and (2) admin/index.php.
EPSS
Процентиль: 84%
0.02224
Низкий
5.1 Medium
CVSS2
Дефекты
NVD-CWE-Other