Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-5070

Опубликовано: 05 сент. 2019
Источник: nvd
CVSS3: 6.5
CVSS3: 6.5
CVSS2: 6.4
EPSS Низкий

Описание

An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:epignosishq:efront_lms:*:*:*:*:*:*:*:*
Версия до 5.2.12 (включая)

EPSS

Процентиль: 51%
0.00283
Низкий

6.5 Medium

CVSS3

6.5 Medium

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-89
CWE-89

Связанные уязвимости

github логотип

GHSA-wgfg-7qh2-xjxr

CVSS3: 6.5
github
больше 3 лет назад

An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required.

EPSS

Процентиль: 51%
0.00283
Низкий

6.5 Medium

CVSS3

6.5 Medium

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-89
CWE-89