CVE-2008-5165

Опубликовано: 19 нояб. 2008

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote attackers to execute arbitrary SQL commands via the pri parameter to (1) index.php, (2) open.php, (3) open_raw.php, and (4) newticket.php.

Ссылки

http://secunia.com/advisories/30877
Vendor Advisory
http://www.digitrustgroup.com/advisories/web-application-security-eticket2.html
Exploit
http://www.eticketsupport.com/announcements/170_is_in_the_building-t91.0.html
Vendor Advisory
http://www.securityfocus.com/bid/29973
http://www.securitytracker.com/id?1020379
https://exchange.xforce.ibmcloud.com/vulnerabilities/43398
http://secunia.com/advisories/30877
Vendor Advisory
http://www.digitrustgroup.com/advisories/web-application-security-eticket2.html
Exploit
http://www.eticketsupport.com/announcements/170_is_in_the_building-t91.0.html
Vendor Advisory
http://www.securityfocus.com/bid/29973
http://www.securitytracker.com/id?1020379
https://exchange.xforce.ibmcloud.com/vulnerabilities/43398

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eticket:eticket:1.5.7:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00706

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-2qpw-f425-8j85

github

больше 3 лет назад