Описание
Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.
Ссылки
- Vendor Advisory
- Exploit
- Vendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:kansok_communications:shopweezle:2.0:*:*:*:*:*:*:*
cpe:2.3:a:kansok_communications:shopweezle:2.0_personal:*:*:*:*:*:*:*
cpe:2.3:a:kansok_communications:shopweezle:2.0_professional:*:*:*:*:*:*:*
cpe:2.3:a:kansok_communications:shopweezle:2.0_professional_plus:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.01902
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.
EPSS
Процентиль: 83%
0.01902
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other