CVE-2006-3318

Опубликовано: 29 июн. 2006

Источник: nvd

CVSS2: 5.1

EPSS Низкий

Описание

SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters.

Ссылки

http://secunia.com/advisories/20865
Vendor Advisory
http://secunia.com/secunia_research/2006-47/advisory/
Vendor Advisory
http://securityreason.com/securityalert/1173
http://www.securityfocus.com/archive/1/438706/100/0/threaded
http://www.vupen.com/english/advisories/2006/2593
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27459
http://secunia.com/advisories/20865
Vendor Advisory
http://secunia.com/secunia_research/2006-47/advisory/
Vendor Advisory
http://securityreason.com/securityalert/1173
http://www.securityfocus.com/archive/1/438706/100/0/threaded
http://www.vupen.com/english/advisories/2006/2593
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27459

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:spiffyjr:phpraid:3.0.6:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.00963

Низкий

5.1 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-c962-fwrv-mc74

github

почти 4 года назад