Описание
Multiple SQL injection vulnerabilities in Family Connections (aka FCMS) before 1.8.2 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to addressbook.php, (2) id parameter to recipes.php, (3) year parameter to register.php, (4) poll_id parameter to home.php, and (5) email parameter to lostpw.php.
Ссылки
- Vendor Advisory
- ExploitPatch
- Vendor Advisory
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1Версия до 1.8.1 (включая)
Одно из
cpe:2.3:a:ryan_haudenschilt:family_connections:*:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:0.5:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:0.6:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:0.8:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:0.9:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:0.9.9:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:1.0:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:1.1:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:1.2:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:1.3:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:1.4:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:1.5:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:1.6:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:1.7:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:ryan_haudenschilt:family_connections:1.8:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.01723
Низкий
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
почти 4 года назад
Multiple SQL injection vulnerabilities in Family Connections (aka FCMS) before 1.8.2 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to addressbook.php, (2) id parameter to recipes.php, (3) year parameter to register.php, (4) poll_id parameter to home.php, and (5) email parameter to lostpw.php.
EPSS
Процентиль: 82%
0.01723
Низкий
7.5 High
CVSS2
Дефекты
CWE-89