Описание
SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors.
Ссылки
- ExploitPatchVendor Advisory
- Exploit
- ExploitPatchVendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 5.6.2929 (включая)
cpe:2.3:a:activeweb:contentserver:*:*:*:*:*:*:*:*
EPSS
Процентиль: 77%
0.01072
Низкий
6.5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors.
EPSS
Процентиль: 77%
0.01072
Низкий
6.5 Medium
CVSS2
Дефекты
NVD-CWE-Other