exploitDog

CVE-2008-3563

Опубликовано: 10 авг. 2008

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:plogger:plogger:*:*:*:*:*:*:*:*

Версия до 3.0 (включая)

cpe:2.3:a:plogger:plogger:1.0:beta3:*:*:*:*:*:*

cpe:2.3:a:plogger:plogger:1.0:rc1:*:*:*:*:*:*

cpe:2.3:a:plogger:plogger:2.0:*:*:*:*:*:*:*

cpe:2.3:a:plogger:plogger:2.1:beta:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.0075

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-c72m-36q5-4cfc

github

почти 4 года назад

Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings.

EPSS

Процентиль: 73%

0.0075

Низкий

7.5 High

CVSS2

Дефекты

CWE-89