CVE-2008-1990

Опубликовано: 27 апр. 2008

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) cID parameter to default.asp and the (2) username parameter to main_login2.asp.

Ссылки

http://bugreport.ir/index.php?/36
Exploit
http://secunia.com/advisories/29916
Vendor Advisory
http://securityreason.com/securityalert/3842
http://www.securityfocus.com/archive/1/491129/100/0/threaded
http://www.securityfocus.com/bid/28868
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/41918
https://www.exploit-db.com/exploits/5478
http://bugreport.ir/index.php?/36
Exploit
http://secunia.com/advisories/29916
Vendor Advisory
http://securityreason.com/securityalert/3842
http://www.securityfocus.com/archive/1/491129/100/0/threaded
http://www.securityfocus.com/bid/28868
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/41918
https://www.exploit-db.com/exploits/5478

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:acidcat:acidcat_cms:3.4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.00995

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-wgq4-5g69-f88h

github

почти 4 года назад