CVE-2006-4705

Опубликовано: 12 сент. 2006

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

SQL injection vulnerability in login.php in dwayner79 and Dominic Gamble Timesheet (aka Timesheet.php) 1.2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.

Ссылки

http://secaware.blogspot.com/2006/09/timesheet-121-blind-sql-injection.html
http://secunia.com/advisories/21831
http://securityreason.com/securityalert/1542
http://www.securityfocus.com/archive/1/445603/100/0/threaded
http://www.securityfocus.com/bid/19856
http://www.vupen.com/english/advisories/2006/3547
http://secaware.blogspot.com/2006/09/timesheet-121-blind-sql-injection.html
http://secunia.com/advisories/21831
http://securityreason.com/securityalert/1542
http://www.securityfocus.com/archive/1/445603/100/0/threaded
http://www.securityfocus.com/bid/19856
http://www.vupen.com/english/advisories/2006/3547

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dominic_gamble:timesheet.php:1.2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00496

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-hrxh-vhqx-56hq

github

почти 4 года назад