exploitDog

CVE-2006-7170

Опубликовано: 20 мар. 2007

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t, (2) productId, (3) sk, (4) x, or (5) so parameter to (a) product_review.php; or the (6) orderNo parameter to (b) order-track.php.

Ссылки

http://marc.info/?l=bugtraq&m=116343783720459&w=2
Third Party Advisory
http://www.securityfocus.com/bid/21072
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/30214
http://marc.info/?l=bugtraq&m=116343783720459&w=2
Third Party Advisory
http://www.securityfocus.com/bid/21072
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/30214

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:koan_software:mega_mall:*:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00593

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-jxvm-m2v5-982g

github

почти 4 года назад

Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t, (2) productId, (3) sk, (4) x, or (5) so parameter to (a) product_review.php; or the (6) orderNo parameter to (b) order-track.php.

EPSS

Процентиль: 69%

0.00593

Низкий

7.5 High

CVSS2

Дефекты

CWE-89