Описание
Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter to detail.php in the Courses subsystem.
Ссылки
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:scottmanktelow:stride_cms:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02207
Низкий
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
почти 4 года назад
Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter to detail.php in the Courses subsystem.
EPSS
Процентиль: 84%
0.02207
Низкий
7.5 High
CVSS2
Дефекты
CWE-89