Описание
Multiple SQL injection vulnerabilities in the MySQL back-end in Advanced Website Creator (AWC) before 1.9.0 might allow remote attackers to execute arbitrary SQL commands via unspecified parameters, related to use of mysql_escape_string instead of mysql_real_escape_string.
Ссылки
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:advanced_website_creator:advanced_website_creator:0.1:*:*:*:*:*:*:*
cpe:2.3:a:advanced_website_creator:advanced_website_creator:0.2:*:*:*:*:*:*:*
cpe:2.3:a:advanced_website_creator:advanced_website_creator:0.3:*:*:*:*:*:*:*
cpe:2.3:a:advanced_website_creator:advanced_website_creator:1.0_beta_1:*:*:*:*:*:*:*
cpe:2.3:a:advanced_website_creator:advanced_website_creator:1.1_beta_1:*:*:*:*:*:*:*
cpe:2.3:a:advanced_website_creator:advanced_website_creator:1.2:*:*:*:*:*:*:*
cpe:2.3:a:advanced_website_creator:advanced_website_creator:1.3:*:*:*:*:*:*:*
cpe:2.3:a:advanced_website_creator:advanced_website_creator:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:advanced_website_creator:advanced_website_creator:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:advanced_website_creator:advanced_website_creator:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:advanced_website_creator:advanced_website_creator:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:advanced_website_creator:advanced_website_creator:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:advanced_website_creator:advanced_website_creator:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:advanced_website_creator:advanced_website_creator:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:advanced_website_creator:advanced_website_creator:1.8.1:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00703
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Multiple SQL injection vulnerabilities in the MySQL back-end in Advanced Website Creator (AWC) before 1.9.0 might allow remote attackers to execute arbitrary SQL commands via unspecified parameters, related to use of mysql_escape_string instead of mysql_real_escape_string.
EPSS
Процентиль: 72%
0.00703
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other