CVE-2008-1404

Опубликовано: 20 мар. 2008

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

SQL injection vulnerability in index.php in the Viso (Industry Book) 2.04 and 2.03 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the kid parameter.

Ссылки

http://secunia.com/advisories/29389
Vendor Advisory
http://www.securityfocus.com/bid/28255
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/41216
https://www.exploit-db.com/exploits/5254
http://secunia.com/advisories/29389
Vendor Advisory
http://www.securityfocus.com/bid/28255
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/41216
https://www.exploit-db.com/exploits/5254

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:exv2:exv2:2.0.3:*:visio:*:*:*:*:*

EPSS

Процентиль: 65%

0.00485

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-66wh-q6f2-g6mm

github

почти 4 года назад