CVE-2009-2894

Опубликовано: 20 авг. 2009

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to product_desc.php, and the cid parameter to (2) showcategory.php and (3) gallery.php.

Ссылки

http://osvdb.org/56265
Exploit
http://osvdb.org/56266
Exploit
http://osvdb.org/56268
Exploit
http://packetstormsecurity.org/0907-exploits/clone2009-sql.txt
Exploit
http://secunia.com/advisories/35952
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/51956
http://osvdb.org/56265
Exploit
http://osvdb.org/56266
Exploit
http://osvdb.org/56268
Exploit
http://packetstormsecurity.org/0907-exploits/clone2009-sql.txt
Exploit
http://secunia.com/advisories/35952
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/51956

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:clone2009:ebay_clone:2009:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00456

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-46cp-3g9x-pvj9

github

почти 4 года назад