Описание
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.4 (включая)
Одно из
cpe:2.3:a:mitel:cmg_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:mitel:cmg_suite:8.4:sp2:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.00597
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts.
EPSS
Процентиль: 69%
0.00597
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89