CVE-2013-5117

Опубликовано: 12 мар. 2014

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.

Ссылки

http://osvdb.org/96306
http://seclists.org/fulldisclosure/2013/Sep/9
http://www.exploit-db.com/exploits/27602
Exploit
Patch
http://www.securityfocus.com/bid/61788
Exploit
http://www.zldnn.com/ViewArticle/Solution-for-DNNArticle-RSS-Security-Issue.aspx
Patch
Vendor Advisory
http://osvdb.org/96306
http://seclists.org/fulldisclosure/2013/Sep/9
http://www.exploit-db.com/exploits/27602
Exploit
Patch
http://www.securityfocus.com/bid/61788
Exploit
http://www.zldnn.com/ViewArticle/Solution-for-DNNArticle-RSS-Security-Issue.aspx
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zldnn:dnnarticle:*:*:*:*:*:*:*:*

Версия до 10.0 (включая)

EPSS

Процентиль: 80%

0.01444

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-2mgr-wwxh-g3g7

github

больше 3 лет назад