Description
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.
References
- Exploit, Third Party Advisory, VDB Entry
- https://deadsh0t.medium.com/authenticated-boolean-based-blind-error-based-sql-injection-b752225f0644 (Exploit, Patch, Third Party Advisory)
- Issue Tracking, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:b2evolution:b2evolution:7.2.2:*:*:*:*:*:*:*
EPSS
Percentile: 64%
0.00479
Low
CVSS3: 8.8 High
CVSS2: 6.5 Medium
Weaknesses
CWE-89
Related vulnerabilities
CVSS3: 8.8
github
more than 3 years ago
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.