CVE-2009-0825

Опубликовано: 09 мар. 2009

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Ссылки

http://en.securitylab.ru/lab/PT-2009-13
http://secunia.com/advisories/34178
http://sourceforge.net/project/showfiles.php?group_id=133415
Patch
http://sourceforge.net/project/shownotes.php?group_id=133415&release_id=658540
http://www.securityfocus.com/archive/1/501547/100/0/threaded
http://www.securityfocus.com/bid/34021
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/49115
http://en.securitylab.ru/lab/PT-2009-13
http://secunia.com/advisories/34178
http://sourceforge.net/project/showfiles.php?group_id=133415
Patch
http://sourceforge.net/project/shownotes.php?group_id=133415&release_id=658540
http://www.securityfocus.com/archive/1/501547/100/0/threaded
http://www.securityfocus.com/bid/34021
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/49115

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:torben_sorensen:tinx\/cms:*:*:*:*:*:*:*:*

Версия до 3.5 (включая)

cpe:2.3:a:torben_sorensen:tinx\/cms:3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00465

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-372q-vf52-472r

github

почти 4 года назад