CVE-2017-5346

Опубликовано: 12 янв. 2017

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php.

Ссылки

http://code610.blogspot.com/2017/01/genixcms-sql-injection-quick-autopsy.html
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/95655
Third Party Advisory
VDB Entry
https://github.com/semplon/GeniXCMS/issues/61
Exploit
Issue Tracking
Patch
http://code610.blogspot.com/2017/01/genixcms-sql-injection-quick-autopsy.html
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/95655
Third Party Advisory
VDB Entry
https://github.com/semplon/GeniXCMS/issues/61
Exploit
Issue Tracking
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:genixcms:genixcms:0.0.8:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.0108

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-2ppw-6xvg-rwgw