Description
Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to news.page.inc.php, which is reachable through a news action to index.php.
References
- Exploit
- Exploit
Vulnerable configurations
Configuration 1
Version up to 1.0.8 (inclusive)
Version up to 1.0.9 (inclusive)
One of
cpe:2.3:a:project_alumni:project_alumni:*:*:*:*:*:*:*:*
cpe:2.3:a:project_alumni:project_alumni:*:*:*:*:*:*:*:*
EPSS
Percentile: 65%
0.00486
Low
7.5 High
CVSS2
Weaknesses
CWE-89
Related vulnerabilities
github
almost 4 years ago
Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to news.page.inc.php, which is reachable through a news action to index.php.