CVE-2009-4936

Опубликовано: 22 июл. 2010

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php.

Ссылки

http://osvdb.org/54784
http://osvdb.org/54785
Exploit
http://osvdb.org/54786
Exploit
http://osvdb.org/54787
Exploit
http://osvdb.org/54788
Exploit
http://secunia.com/advisories/35272
Vendor Advisory
http://www.exploit-db.com/exploits/8819
http://www.securityfocus.com/archive/1/503863/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/50837
http://osvdb.org/54784
http://osvdb.org/54785
Exploit
http://osvdb.org/54786
Exploit
http://osvdb.org/54787
Exploit
http://osvdb.org/54788
Exploit
http://secunia.com/advisories/35272
Vendor Advisory
http://www.exploit-db.com/exploits/8819
http://www.securityfocus.com/archive/1/503863/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/50837

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:spirate:small_pirate:2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02104

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-5hrf-qvr7-jrc9

github

почти 4 года назад