CVE-2014-8339

Опубликовано: 04 нояб. 2014

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter.

Ссылки

http://packetstormsecurity.com/files/128909/Nuevolabs-Nuevoplayer-For-Clipshare-SQL-Injection.html
http://www.securityfocus.com/archive/1/533847/100/0/threaded
http://www.securityfocus.com/bid/70833
http://www.youtube.com/watch?v=_-oOI1LnEdk
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/98393
http://packetstormsecurity.com/files/128909/Nuevolabs-Nuevoplayer-For-Clipshare-SQL-Injection.html
http://www.securityfocus.com/archive/1/533847/100/0/threaded
http://www.securityfocus.com/bid/70833
http://www.youtube.com/watch?v=_-oOI1LnEdk
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/98393

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:nuevolab:nuevoplayer:-:*:*:*:*:*:*:*

cpe:2.3:a:clip-share:clipshare:*:*:*:*:*:*:*:*

Версия до 8.0 (включая)

EPSS

Процентиль: 62%

0.00432

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-wrfx-rw96-gwf3

github

больше 3 лет назад