CVE-2018-14956

Опубликовано: 28 сент. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information.

Ссылки

http://packetstormsecurity.com/files/149571/CMS-ISWEB-3.5.3-SQL-Injection.html
Third Party Advisory
VDB Entry
https://cxsecurity.com/issue/WLB-2018090249
Issue Tracking
Third Party Advisory
https://imgur.com/a/buXJJKC
Exploit
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/150516
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/149571/CMS-ISWEB-3.5.3-SQL-Injection.html
Third Party Advisory
VDB Entry
https://cxsecurity.com/issue/WLB-2018090249
Issue Tracking
Third Party Advisory
https://imgur.com/a/buXJJKC
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:isweb:isweb:3.5.3:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00415

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-5fjm-4xr4-5vjj