Описание
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-based blind SQL payloads via the 'id' parameter in index.php or the 'Email' parameter in loginaction.php to extract sensitive database information.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:netartmedia:php_mall:4.1:*:*:*:*:*:*:*
EPSS
Процентиль: 38%
0.0017
Низкий
8.2 High
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 8.2
github
около 2 месяцев назад
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-based blind SQL payloads via the 'id' parameter in index.php or the 'Email' parameter in loginaction.php to extract sensitive database information.
EPSS
Процентиль: 38%
0.0017
Низкий
8.2 High
CVSS3
Дефекты
CWE-89