exploitDog

CVE-2020-19957

Опубликовано: 14 окт. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page.

Ссылки

https://github.com/zhuxianjin/vuln_repo/blob/master/zzcms2019%20SQL%20injection%20vulnerability%20in%20dl_print.php.md
Exploit
Third Party Advisory
https://github.com/zhuxianjin/vuln_repo/blob/master/zzcms2019%20SQL%20injection%20vulnerability%20in%20dl_print.php.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zzcms:zzcms:2019:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00403

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-9m42-6mq8-65pf

github

больше 3 лет назад

A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page.

EPSS

Процентиль: 60%

0.00403

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89