exploitDog

CVE-2019-19732

Опубликовано: 30 дек. 2019

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

translation_manage_text.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir_0 and/or sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection.

Ссылки

https://github.com/jra89/CVE-2019-19732
Exploit
Third Party Advisory
https://medium.com/%40jra8908/yetishare-3-5-2-4-5-3-multiple-vulnerabilities-2d01d0cd7459
https://github.com/jra89/CVE-2019-19732
Exploit
Third Party Advisory
https://medium.com/%40jra8908/yetishare-3-5-2-4-5-3-multiple-vulnerabilities-2d01d0cd7459

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mfscripts:yetishare:*:*:*:*:*:*:*:*

Версия от 3.5.2 (включая) до 4.5.3 (включая)

EPSS

Процентиль: 55%

0.0032

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-2c2c-mqw3-8m8q

github

больше 3 лет назад

translation_manage_text.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir_0 and/or sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection.

EPSS

Процентиль: 55%

0.0032

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89