Описание
Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) zusatzlicher, or (4) groupid parameter to index.htm, or the (5) rxtec cookie to index.htm.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Third Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:rxtec:rxadmin:2012:06:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02371
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) zusatzlicher, or (4) groupid parameter to index.htm, or the (5) rxtec cookie to index.htm.
EPSS
Процентиль: 85%
0.02371
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89