Description
Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters.
Vulnerable configurations
Configuration 1
Version up to 2.4.5 (inclusive)
One of
cpe:2.3:a:zenoss:zenoss:*:*:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:zenoss:zenoss:2.4.2:*:*:*:*:*:*:*
EPSS
Percentile: 79%
0.0129
Low
6.5 Medium
CVSS2
Weaknesses
CWE-89
Related vulnerabilities
debian
almost 16 years ago
Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEven ...
github
almost 4 years ago
Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters.