Описание
Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0_rc2 (включая)
Одно из
cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:*:*:*:*:*:*:*:*
cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:0.9.0.730:*:*:*:*:*:*:*
cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:0.9.0.1029:*:*:*:*:*:*:*
cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:1.0_rc1:*:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.00596
Низкий
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
почти 4 года назад
Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions.
EPSS
Процентиль: 69%
0.00596
Низкий
7.5 High
CVSS2
Дефекты
CWE-89