CVE-2019-25495

Published: 27 Feb 2026
Source: nvd
CVSS3: 8.2
CVSS3: 7.5
EPSS: Low

Description

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. Attackers can send GET requests to product_reviews_write.php with malicious reviews_id values using boolean-based SQL injection payloads to extract sensitive database information.

Vulnerable configurations

Configuration 1
cpe:2.3:a:oscommerce:oscommerce:2.3.4.1:*:*:*:*:*:*:*

EPSS

Percentile: 29%
0.00106
Low

CVSS3: 8.2 High

CVSS3: 7.5 High

Weaknesses

CWE-89

Related vulnerabilities

CVSS3: 8.2
github
28 days ago

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. Attackers can send GET requests to product_reviews_write.php with malicious reviews_id values using boolean-based SQL injection payloads to extract sensitive database information.