CVE-2017-7410

Опубликовано: 03 апр. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.

Ссылки

http://forum.websitebaker.org/index.php/topic%2C30187.0.html
http://project.websitebaker.org/issues/39
Vendor Advisory
http://www.securityfocus.com/bid/97495
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038173
Third Party Advisory
VDB Entry
http://forum.websitebaker.org/index.php/topic%2C30187.0.html
http://project.websitebaker.org/issues/39
Vendor Advisory
http://www.securityfocus.com/bid/97495
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038173
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:websitebaker:websitebaker:*:*:*:*:*:*:*:*

Версия до 2.10.0 (включая)

EPSS

Процентиль: 82%

0.01687

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-w6gc-97hw-x56g