CVE-2006-1330

Опубликовано: 21 мар. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php.

Ссылки

http://secunia.com/advisories/19315
Vendor Advisory
http://www.securityfocus.com/archive/1/428156
http://www.securityfocus.com/archive/1/430870/100/0/threaded
http://www.securityfocus.com/bid/17150
Exploit
http://www.vupen.com/english/advisories/2006/1039
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25328
http://secunia.com/advisories/19315
Vendor Advisory
http://www.securityfocus.com/archive/1/428156
http://www.securityfocus.com/archive/1/430870/100/0/threaded
http://www.securityfocus.com/bid/17150
Exploit
http://www.vupen.com/english/advisories/2006/1039
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25328

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:phpwebsite:phpwebsite:0.7.3:*:*:*:*:*:*:*

cpe:2.3:a:phpwebsite:phpwebsite:0.8.2:*:*:*:*:*:*:*

cpe:2.3:a:phpwebsite:phpwebsite:0.8.3:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00805

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-fv74-qr6v-cqw8

github

почти 4 года назад