Описание
SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter.
Ссылки
- http://packetstormsecurity.com/files/135716/Yeager-CMS-1.2.1-File-Upload-SQL-Injection-XSS-SSRF.htmlExploitPatchThird Party AdvisoryVDB Entry
- Mailing ListPatchThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitPatchThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/135716/Yeager-CMS-1.2.1-File-Upload-SQL-Injection-XSS-SSRF.htmlExploitPatchThird Party AdvisoryVDB Entry
- Mailing ListPatchThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitPatchThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:yeager:yeager_cms:1.2.1:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.0053
Низкий
8.8 High
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter.
EPSS
Процентиль: 67%
0.0053
Низкий
8.8 High
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89