CVE-2009-3226

Опубликовано: 16 сент. 2009

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action. NOTE: some of these details are obtained from third party information.

Ссылки

http://packetstormsecurity.org/0907-exploits/almondclassifiedsads-bsqlxss.txt
Exploit
http://secunia.com/advisories/36003
Vendor Advisory
http://www.securityfocus.com/bid/35816
Exploit
http://packetstormsecurity.org/0907-exploits/almondclassifiedsads-bsqlxss.txt
Exploit
http://secunia.com/advisories/36003
Vendor Advisory
http://www.securityfocus.com/bid/35816
Exploit

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:almondsoft:affiliate_network_classifieds:*:*:*:*:*:*:*:*

cpe:2.3:a:almondsoft:almond_classifieds:*:*:enterprise:*:*:*:*:*

EPSS

Процентиль: 36%

0.00154

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-5r4q-84cw-cpwc

github

почти 4 года назад