CVE-2017-15081

Опубликовано: 24 окт. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.

http://w00troot.blogspot.in/2017/10/php-melody-2.html
Exploit
Issue Tracking
Third Party Advisory
https://pastebin.com/7Xjm8Wqt
Exploit
Issue Tracking
Third Party Advisory
https://www.exploit-db.com/exploits/43062/
Exploit
Issue Tracking
Third Party Advisory
VDB Entry
http://w00troot.blogspot.in/2017/10/php-melody-2.html
Exploit
Issue Tracking
Third Party Advisory
https://pastebin.com/7Xjm8Wqt
Exploit
Issue Tracking
Third Party Advisory
https://www.exploit-db.com/exploits/43062/
Exploit
Issue Tracking
Third Party Advisory
VDB Entry

Конфигурация 1

cpe:2.3:a:phpsugar:php_melody:2.6.1:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.07326

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

CWE-89

GHSA-5256-pxr5-xx72