CVE-2006-5772

Опубликовано: 06 нояб. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) prod parameter.

Ссылки

http://secunia.com/advisories/22664
Vendor Advisory
http://www.freewebshop.org/index.php?id=27
http://www.vupen.com/english/advisories/2006/4332
https://exchange.xforce.ibmcloud.com/vulnerabilities/29990
https://www.exploit-db.com/exploits/2704
http://secunia.com/advisories/22664
Vendor Advisory
http://www.freewebshop.org/index.php?id=27
http://www.vupen.com/english/advisories/2006/4332
https://exchange.xforce.ibmcloud.com/vulnerabilities/29990
https://www.exploit-db.com/exploits/2704

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:freewebshop:freewebshop:*:*:*:*:*:*:*:*

Версия до 2.2.1 (включая)

EPSS

Процентиль: 81%

0.016

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-66jp-wmmq-3w9m

github

почти 4 года назад