exploitDog

CVE-2009-1655

Опубликовано: 16 мая 2009

Источник: nvd

CVSS2: 6.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the (1) user name (userid parameter) and (2) password.

Ссылки

http://osvdb.org/54502
http://secunia.com/advisories/35067
Vendor Advisory
http://www.securityfocus.com/bid/34975
Exploit
https://www.exploit-db.com/exploits/8690
http://osvdb.org/54502
http://secunia.com/advisories/35067
Vendor Advisory
http://www.securityfocus.com/bid/34975
Exploit
https://www.exploit-db.com/exploits/8690

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:easy-scripts:answer_and_question_script:*:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00129

Низкий

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-8c8x-7rpq-mcwc

github

почти 4 года назад

Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the (1) user name (userid parameter) and (2) password.

EPSS

Процентиль: 33%

0.00129

Низкий

6.5 Medium

CVSS2

Дефекты

CWE-89