exploitDog

CVE-2019-19740

Опубликовано: 12 дек. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.

Ссылки

http://packetstormsecurity.com/files/156113/Octeth-Oempro-4.8-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/BrunoBulle/Oempro_4.7/blob/master/README.md
Third Party Advisory
https://www2.octeth.com/blog/
Vendor Advisory
http://packetstormsecurity.com/files/156113/Octeth-Oempro-4.8-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/BrunoBulle/Oempro_4.7/blob/master/README.md
Third Party Advisory
https://www2.octeth.com/blog/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:octeth:oempro:4.7:*:*:*:*:*:*:*

cpe:2.3:a:octeth:oempro:4.8:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00783

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-j52g-8mqh-84pw

CVSS3: 9.8

github

больше 3 лет назад

Octeth Oempro 4.7 allows SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.

EPSS

Процентиль: 73%

0.00783

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89