CVE-2020-24862

Опубликовано: 02 июн. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has been found to be vulnerable to a Time-Based blind SQL injection via the /medical/inventories.php path which allows attackers to retrieve all databases.

Ссылки

https://www.exploit-db.com/exploits/48752
Exploit
Third Party Advisory
VDB Entry
https://www.sourcecodester.com/download-code?nid=14398&title=Pharmacy%2FMedical+Store+%26+Sale+Point+Using+PHP%2FMySQL+with+Bootstrap+Framework
Third Party Advisory
https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html
Third Party Advisory
https://www.exploit-db.com/exploits/48752
Exploit
Third Party Advisory
VDB Entry
https://www.sourcecodester.com/download-code?nid=14398&title=Pharmacy%2FMedical+Store+%26+Sale+Point+Using+PHP%2FMySQL+with+Bootstrap+Framework
Third Party Advisory
https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pharmacy_medical_store_and_sale_point_project:pharmacy_medical_store_and_sale_point:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00397

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-f3vp-h583-4j5f

github

больше 3 лет назад

BDU:2021-04428