CVE-2008-2394

Опубликовано: 21 мая 2008

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in TAGWORX.CMS 3.00.02 allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to contact.php and the (2) nid parameter to news.php.

Ссылки

http://secunia.com/advisories/30149
Vendor Advisory
http://www.tagworx.net/webdesign_seo_muenchen.php?cid=79&pid=5
http://www.vupen.com/english/advisories/2008/1561/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42512
https://www.exploit-db.com/exploits/5642
http://secunia.com/advisories/30149
Vendor Advisory
http://www.tagworx.net/webdesign_seo_muenchen.php?cid=79&pid=5
http://www.vupen.com/english/advisories/2008/1561/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42512
https://www.exploit-db.com/exploits/5642

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tagworx:tagworx_cms:3.00.02:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00493

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-4vvv-prmp-rg2c

github

почти 4 года назад