Описание
b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows attackers to execute arbitrary code via a crafted input.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:b2evolution:b2evolution_cms:7.2.3:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00621
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
около 4 лет назад
b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows attackers to execute arbitrary code via a crafted input.
EPSS
Процентиль: 70%
0.00621
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89