CVE-2008-5737

Опубликовано: 26 дек. 2008

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in index.php in Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the username parameter.

Ссылки

http://osvdb.org/50892
http://secunia.com/advisories/33266
Vendor Advisory
http://securityreason.com/securityalert/4815
http://www.securityfocus.com/bid/32978
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/47544
https://www.exploit-db.com/exploits/7551
http://osvdb.org/50892
http://secunia.com/advisories/33266
Vendor Advisory
http://securityreason.com/securityalert/4815
http://www.securityfocus.com/bid/32978
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/47544
https://www.exploit-db.com/exploits/7551

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nodstrum:mysql_calendar:1.1:*:*:*:*:*:*:*

cpe:2.3:a:nodstrum:mysql_calendar:1.2:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00723

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-rhhp-2wh8-92m3

github

больше 3 лет назад