Описание
Multiple SQL injection vulnerabilities in the authentication process in katzlbt (a) The Address Book 1.04e and earlier and (b) The Address Book Reloaded before 2.0-rc4 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. NOTE: portions of these details are obtained from third party information.
Ссылки
- Vendor Advisory
- PatchVendor Advisory
- Patch
- Vendor Advisory
- PatchVendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 1.04e (включая)Версия до 2.0 (включая)
Одно из
cpe:2.3:a:the_address_book:the_address_book:*:*:*:*:*:*:*:*
cpe:2.3:a:the_address_book_reloaded:the_address_book_reloaded:*:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02069
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Multiple SQL injection vulnerabilities in the authentication process in katzlbt (a) The Address Book 1.04e and earlier and (b) The Address Book Reloaded before 2.0-rc4 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. NOTE: portions of these details are obtained from third party information.
EPSS
Процентиль: 84%
0.02069
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other