CVE-2009-3503

Опубликовано: 30 сент. 2009

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse BPHolidayLettings 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) rid and (2) tid parameters.

Ссылки

http://packetstormsecurity.org/0909-exploits/bpholidaylettings-sql.txt
Exploit
http://secunia.com/advisories/36833
Vendor Advisory
http://www.vupen.com/english/advisories/2009/2744
Vendor Advisory
http://packetstormsecurity.org/0909-exploits/bpholidaylettings-sql.txt
Exploit
http://secunia.com/advisories/36833
Vendor Advisory
http://www.vupen.com/english/advisories/2009/2744
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bpowerhouse:bpholidaylettings:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00338

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-g5r9-wgq9-7qh8

github

почти 4 года назад