Описание
SQL injection vulnerability in VirtueMart before 1.0.11 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly related to improper input validation of the PATH_INFO (PHP_SELF) by virtuemart_parser.php.
Ссылки
- Vendor Advisory
- Patch
- Vendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.9 (включая)
cpe:2.3:a:virtuemart:virtuemart:*:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00735
Низкий
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
SQL injection vulnerability in VirtueMart before 1.0.11 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly related to improper input validation of the PATH_INFO (PHP_SELF) by virtuemart_parser.php.
EPSS
Процентиль: 72%
0.00735
Низкий
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other