Описание
SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:connectix:connectix_boards:0.4:*:*:*:*:*:*:*
cpe:2.3:a:connectix:connectix_boards:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:connectix:connectix_boards:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:connectix:connectix_boards:0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:connectix:connectix_boards:0.4.4:*:*:*:*:*:*:*
cpe:2.3:a:connectix:connectix_boards:0.5:*:*:*:*:*:*:*
cpe:2.3:a:connectix:connectix_boards:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:connectix:connectix_boards:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:connectix:connectix_boards:0.5.3:*:*:*:*:*:*:*
cpe:2.3:a:connectix:connectix_boards:0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:connectix:connectix_boards:0.5.5:*:*:*:*:*:*:*
cpe:2.3:a:connectix:connectix_boards:0.6:*:*:*:*:*:*:*
cpe:2.3:a:connectix:connectix_boards:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:connectix:connectix_boards:0.7:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00688
Низкий
6.5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php.
EPSS
Процентиль: 71%
0.00688
Низкий
6.5 Medium
CVSS2
Дефекты
NVD-CWE-Other