Description
Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) policy parameter in openPolicy.asp or the (2) brand parameter in prodList.asp.
References
- Mailing List
- Broken Link, URL Repurposed
- Exploit
- Exploit, Third Party Advisory, VDB Entry
- Not Applicable
Vulnerable configurations
Configuration 1
cpe:2.3:a:candypress:candypress_store:3.5.2.14:*:*:*:*:*:*:*
EPSS
Percentile: 75%
0.00912
Low
7.5 High
CVSS2
Weaknesses
CWE-89
Related vulnerabilities
github
almost 4 years ago
Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) policy parameter in openPolicy.asp or the (2) brand parameter in prodList.asp.