exploitDog

CVE-2017-1000474

Опубликовано: 24 янв. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL Injecting in login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts resulting in the expose of user's login credentials, SQL Injection and Stored XSS vulnerability, which leads to remote code executing.

Ссылки

http://singsip.wixsite.com/singsip/vuln
Third Party Advisory
https://www.exploit-db.com/exploits/44318/
http://singsip.wixsite.com/singsip/vuln
Third Party Advisory
https://www.exploit-db.com/exploits/44318/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vehicle_sales_management_system_project:vehicle_sales_management_system:2017-07-30:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02589

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-9mg8-wpmg-p8xr

CVSS3: 9.8

github

больше 3 лет назад

Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL Injecting in login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts resulting in the expose of user's login credentials, SQL Injection and Stored XSS vulnerability, which leads to remote code executing.

EPSS

Процентиль: 85%

0.02589

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89