Описание
Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.
Ссылки
- Patch
- Patch
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Patch
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.9.4 (включая)
Одно из
cpe:2.3:a:simon_pamies:pywebdav:*:*:*:*:*:*:*:*
cpe:2.3:a:simon_pamies:pywebdav:0.3:*:*:*:*:*:*:*
cpe:2.3:a:simon_pamies:pywebdav:0.5:*:*:*:*:*:*:*
cpe:2.3:a:simon_pamies:pywebdav:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:simon_pamies:pywebdav:0.6:*:*:*:*:*:*:*
cpe:2.3:a:simon_pamies:pywebdav:0.7:*:*:*:*:*:*:*
cpe:2.3:a:simon_pamies:pywebdav:0.8:*:*:*:*:*:*:*
cpe:2.3:a:simon_pamies:pywebdav:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:simon_pamies:pywebdav:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:simon_pamies:pywebdav:0.9.3:*:*:*:*:*:*:*
EPSS
Процентиль: 77%
0.01021
Низкий
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
ubuntu
почти 15 лет назад
Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.
debian
почти 15 лет назад
Multiple SQL injection vulnerabilities in the get_userinfo method in t ...
EPSS
Процентиль: 77%
0.01021
Низкий
7.5 High
CVSS2
Дефекты
CWE-89