Описание
Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors.
Ссылки
- ExploitVendor Advisory
- Vendor Advisory
- ExploitVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:xoops:xoops:2.0.16:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00797
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors.
EPSS
Процентиль: 74%
0.00797
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other