CVE-2010-1078

Опубликовано: 23 мар. 2010

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in archive.php in XlentProjects SphereCMS 1.1 alpha allows remote attackers to execute arbitrary SQL commands via encoded null bytes ("%00") in the view parameter, which bypasses a protection mechanism.

Ссылки

http://www.bugreport.ir/index_68.htm
Exploit
http://www.packetstormsecurity.org/1002-exploits/spherecms-sql.txt
Exploit
http://www.securityfocus.com/archive/1/509603/100/0/threaded
http://www.securityfocus.com/bid/38309
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/56423
http://www.bugreport.ir/index_68.htm
Exploit
http://www.packetstormsecurity.org/1002-exploits/spherecms-sql.txt
Exploit
http://www.securityfocus.com/archive/1/509603/100/0/threaded
http://www.securityfocus.com/bid/38309
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/56423

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sphere.xlentprojects:spherecms:1.1:alpha:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00417

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-r3v7-5534-66q4

github

почти 4 года назад