exploitDog

CVE-2009-0447

Опубликовано: 10 фев. 2009

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in default.asp in MyDesign Sayac 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the user parameter (aka UserName field) or (2) the pass parameter (aka Pass field) to (a) admin/admin.asp or (b) the default URI under admin/. NOTE: some of these details are obtained from third party information.

Ссылки

http://osvdb.org/51754
http://secunia.com/advisories/33771
Vendor Advisory
http://www.securityfocus.com/bid/33593
Exploit
https://www.exploit-db.com/exploits/7963
http://osvdb.org/51754
http://secunia.com/advisories/33771
Vendor Advisory
http://www.securityfocus.com/bid/33593
Exploit
https://www.exploit-db.com/exploits/7963

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:aspindir:mydesign_sayac:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00338

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-v4j9-96xr-hm3r

github

почти 4 года назад

Multiple SQL injection vulnerabilities in default.asp in MyDesign Sayac 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the user parameter (aka UserName field) or (2) the pass parameter (aka Pass field) to (a) admin/admin.asp or (b) the default URI under admin/. NOTE: some of these details are obtained from third party information.

EPSS

Процентиль: 56%

0.00338

Низкий

7.5 High

CVSS2

Дефекты

CWE-89