CVE-2012-1026

Опубликовано: 08 фев. 2012

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in login2.php in XRay CMS 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2012-02/0068.html
http://sourceforge.net/tracker/?func=detail&aid=3488241&group_id=298778&atid=1260461
http://www.exploit-db.com/exploits/18467
Exploit
http://www.securityfocus.com/bid/51870
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/73000
http://archives.neohapsis.com/archives/bugtraq/2012-02/0068.html
http://sourceforge.net/tracker/?func=detail&aid=3488241&group_id=298778&atid=1260461
http://www.exploit-db.com/exploits/18467
Exploit
http://www.securityfocus.com/bid/51870
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/73000

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:johannes_ekberg:xray_cms:1.1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 49%

0.00262

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-24xx-35j6-m7x4

github

больше 3 лет назад