CVE-2020-25751

Опубликовано: 18 сент. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter.

Ссылки

https://geekwire.eu/2020/09/14/joomla-pago-commerce-2-5-9-0-sql-injection-authenticated/
Third Party Advisory
https://www.exploit-db.com/exploits/48811
Exploit
Third Party Advisory
VDB Entry
https://geekwire.eu/2020/09/14/joomla-pago-commerce-2-5-9-0-sql-injection-authenticated/
Third Party Advisory
https://www.exploit-db.com/exploits/48811
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:corephp:pago_commerce:2.5.9.0:*:*:*:*:joomla\!:*:*

EPSS

Процентиль: 54%

0.00316

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-f659-48hf-f7xc

github

больше 3 лет назад