exploitDog

CVE-2017-9449

Опубликовано: 06 июн. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible at admin/ajax/auto-modules/views/searchable-page/ or admin/modules_name.

Ссылки

https://github.com/bigtreecms/BigTree-CMS/issues/295
Issue Tracking
Patch
Third Party Advisory
https://github.com/bigtreecms/BigTree-CMS/issues/295
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bigtreecms:bigtree_cms:*:*:*:*:*:*:*:*

Версия до 4.2.18 (включая)

EPSS

Процентиль: 56%

0.00344

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-387j-r6x5-3c3w

CVSS3: 8.8

github

больше 3 лет назад

SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible at admin/ajax/auto-modules/views/searchable-page/ or admin/modules_name.

EPSS

Процентиль: 56%

0.00344

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89