CVE-2008-4364

Опубликовано: 30 сент. 2008

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page.

Ссылки

http://securityreason.com/securityalert/4343
http://www.bugreport.ir/index_53.htm
Exploit
http://www.securityfocus.com/archive/1/496799/100/0/threaded
http://www.securityfocus.com/bid/31450
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/45494
https://www.exploit-db.com/exploits/6610
http://securityreason.com/securityalert/4343
http://www.bugreport.ir/index_53.htm
Exploit
http://www.securityfocus.com/archive/1/496799/100/0/threaded
http://www.securityfocus.com/bid/31450
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/45494
https://www.exploit-db.com/exploits/6610

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:parsagostar:parsaweb_cms:*:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00793

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-c427-p67m-j336

github

почти 4 года назад