CVE-2007-2520

Опубликовано: 26 июн. 2007

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie.

Ссылки

http://securityreason.com/securityalert/2834
http://www.netvigilance.com/advisory0025
Exploit
Vendor Advisory
http://www.osvdb.org/34274
http://www.securityfocus.com/archive/1/472203/100/0/threaded
http://www.securityfocus.com/bid/24621
https://exchange.xforce.ibmcloud.com/vulnerabilities/35049
http://securityreason.com/securityalert/2834
http://www.netvigilance.com/advisory0025
Exploit
Vendor Advisory
http://www.osvdb.org/34274
http://www.securityfocus.com/archive/1/472203/100/0/threaded
http://www.securityfocus.com/bid/24621
https://exchange.xforce.ibmcloud.com/vulnerabilities/35049

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:frank_mancuso:mynews:0.10:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00549

Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-g546-8rgj-38hx

github

почти 4 года назад