exploitDog

CVE-2009-0711

Опубликовано: 23 фев. 2009

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. NOTE: this has been reported as a SQL injection vulnerability by some sources, but the provenance of that information is unknown.

Ссылки

http://secunia.com/advisories/33367
Vendor Advisory
http://www.osvdb.org/51102
https://www.exploit-db.com/exploits/7636
http://secunia.com/advisories/33367
Vendor Advisory
http://www.osvdb.org/51102
https://www.exploit-db.com/exploits/7636

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vlad_alexa_mancini:phpfootball:1.5:*:*:*:*:*:*:*

cpe:2.3:a:vlad_alexa_mancini:phpfootball:1.6:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00516

Низкий

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-w3gx-qg2g-wr49

github

почти 4 года назад

filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. NOTE: this has been reported as a SQL injection vulnerability by some sources, but the provenance of that information is unknown.

EPSS

Процентиль: 66%

0.00516

Низкий

5 Medium

CVSS2

Дефекты

CWE-200