Описание
SQL injection vulnerability in shared/code/cp_functions_downloads.php in Nicola Asuni All In One Control Panel (AIOCP) before 1.3.009 allows remote attackers to execute arbitrary SQL commands via the download_category parameter.
Ссылки
- PatchVendor Advisory
- Patch
- PatchVendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:nicola_asuni:all_in_one_control_panel:1.3.000:*:*:*:*:*:*:*
cpe:2.3:a:nicola_asuni:all_in_one_control_panel:1.3.001:*:*:*:*:*:*:*
cpe:2.3:a:nicola_asuni:all_in_one_control_panel:1.3.002:*:*:*:*:*:*:*
cpe:2.3:a:nicola_asuni:all_in_one_control_panel:1.3.003:*:*:*:*:*:*:*
cpe:2.3:a:nicola_asuni:all_in_one_control_panel:1.3.004:*:*:*:*:*:*:*
cpe:2.3:a:nicola_asuni:all_in_one_control_panel:1.3.005:*:*:*:*:*:*:*
cpe:2.3:a:nicola_asuni:all_in_one_control_panel:1.3.006:*:*:*:*:*:*:*
cpe:2.3:a:nicola_asuni:all_in_one_control_panel:1.3.007:*:*:*:*:*:*:*
cpe:2.3:a:nicola_asuni:all_in_one_control_panel:1.3.008:*:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.00596
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
SQL injection vulnerability in shared/code/cp_functions_downloads.php in Nicola Asuni All In One Control Panel (AIOCP) before 1.3.009 allows remote attackers to execute arbitrary SQL commands via the download_category parameter.
EPSS
Процентиль: 69%
0.00596
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other