Описание
In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:xoops:xoops:2.5.8.1:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.0025
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses.
EPSS
Процентиль: 48%
0.0025
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89