CVE-2021-22856

Опубликовано: 17 фев. 2021

Источник: nvd

CVSS3: 9.8

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in Cookie and obtain data in the database without privilege.

Ссылки

https://www.chtsecurity.com/news/fe1e30ef-4dac-4848-a3c9-a7df12672422
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-4394-76d41-1.html
Third Party Advisory
https://www.chtsecurity.com/news/fe1e30ef-4dac-4848-a3c9-a7df12672422
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-4394-76d41-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:changjia_property_management_system_project:changjia_property_management_system:1.00:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00313

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-xwp3-267h-rpcj

github

около 3 лет назад

The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in Cookie and obtain data in the database without privilege.

EPSS

Процентиль: 54%

0.00313

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89