Описание
SQL injection vulnerability in system/core/users/users.profile.inc.php in Neocrome Seditio 1.10 and earlier allows remote authenticated users to execute arbitrary SQL commands via a double-url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by an encoded NULL and ' (apostrophe) (%2500%2527).
Ссылки
- PatchVendor Advisory
- Exploit
- Exploit
- PatchVendor Advisory
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 1.10 (включая)
cpe:2.3:a:neocrome:seditio:*:*:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03201
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
SQL injection vulnerability in system/core/users/users.profile.inc.php in Neocrome Seditio 1.10 and earlier allows remote authenticated users to execute arbitrary SQL commands via a double-url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by an encoded NULL and ' (apostrophe) (%2500%2527).
EPSS
Процентиль: 87%
0.03201
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other