Описание
SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin before 1.1 and (2) BbAdminViewsControl plugin before 2.1 for EC-CUBE allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0 (включая)Версия до 1.0 (включая)
Одно из
cpe:2.3:a:bokublock:bbadminviewscontrol:*:*:*:*:*:ec-cube:*:*
cpe:2.3:a:bokublock:bbadminviewscontrol213:*:*:*:*:*:ec-cube:*:*
EPSS
Процентиль: 58%
0.00359
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 4.3
github
больше 3 лет назад
SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin before 1.1 and (2) BbAdminViewsControl plugin before 2.1 for EC-CUBE allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
EPSS
Процентиль: 58%
0.00359
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-89