Описание
Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the viewpage action to the default URI, probably index.php, or (2) divid parameter in the schedule action to index.php.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:thehockeystop:hockeystats_online:2.0:*:advanced:*:*:*:*:*
cpe:2.3:a:thehockeystop:hockeystats_online:2.0:*:basic:*:*:*:*:*
EPSS
Процентиль: 32%
0.00127
Низкий
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
больше 3 лет назад
Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the viewpage action to the default URI, probably index.php, or (2) divid parameter in the schedule action to index.php.
EPSS
Процентиль: 32%
0.00127
Низкий
7.5 High
CVSS2
Дефекты
CWE-89