Description
SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter.
References
- http://packetstormsecurity.com/files/135716/Yeager-CMS-1.2.1-File-Upload-SQL-Injection-XSS-SSRF.html (Exploit, Patch, Third Party Advisory, VDB Entry)
- Mailing List, Patch, Third Party Advisory
- Exploit, Third Party Advisory, VDB Entry
- Exploit, Patch, Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1
cpe:2.3:a:yeager:yeager_cms:1.2.1:*:*:*:*:*:*:*
EPSS
Percentile: 90%
0.05854
Low
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-89
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter.