exploitDog

CVE-2014-3719

Опубликовано: 30 янв. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via the (1) find, (2) lib, or (3) sid parameter.

Ссылки

http://packetstormsecurity.com/files/126635/Aleph-500-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2014/May/65
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/126635/Aleph-500-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2014/May/65
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:exlibrisgroup:aleph_500:18.1:*:*:*:*:*:*:*

cpe:2.3:a:exlibrisgroup:aleph_500:20.0:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01237

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-gmmh-3g4p-ff75

github

больше 3 лет назад

Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via the (1) find, (2) lib, or (3) sid parameter.

EPSS

Процентиль: 79%

0.01237

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89