exploitDog

CVE-2006-1828

Опубликовано: 19 апр. 2006

Источник: nvd

CVSS2: 5.1

EPSS Низкий

Описание

SQL injection vulnerability in php121language.php in PHP121 1.4 allows remote attackers to execute arbitrary SQL commands and execute arbitrary code via the sess_username variable, as set by the php121un HTTP COOKIE parameter, which is used in multiple files including php121login.php. NOTE: the code execution occurs because the SQL query results are used in an include statement.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:php121:php121_instant_messenger:*:*:*:*:*:*:*:*

Версия до 1.4 (включая)

EPSS

Процентиль: 88%

0.038

Низкий

5.1 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-mhhr-394j-8m96

github

почти 4 года назад

SQL injection vulnerability in php121language.php in PHP121 1.4 allows remote attackers to execute arbitrary SQL commands and execute arbitrary code via the sess_username variable, as set by the php121un HTTP COOKIE parameter, which is used in multiple files including php121login.php. NOTE: the code execution occurs because the SQL query results are used in an include statement.

EPSS

Процентиль: 88%

0.038

Низкий

5.1 Medium

CVSS2

Дефекты

NVD-CWE-Other