exploitDog

CVE-2015-6009

Опубликовано: 28 сент. 2015

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382.

Ссылки

http://www.kb.cert.org/vuls/id/374092
Third Party Advisory
US Government Resource
https://www.exploit-db.com/exploits/38292/
http://www.kb.cert.org/vuls/id/374092
Third Party Advisory
US Government Resource
https://www.exploit-db.com/exploits/38292/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:refbase:refbase:*:*:*:*:*:*:*:*

Версия до 0.9.6 (включая)

EPSS

Процентиль: 86%

0.027

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-hpgw-qg6c-cg35

github

больше 3 лет назад

Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382.

EPSS

Процентиль: 86%

0.027

Низкий

7.5 High

CVSS2

Дефекты

CWE-89