Описание
TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries.
Ссылки
- Product
- Broken Link
- ExploitThird Party Advisory
- Product
- Broken Link
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:trispark:novusedu:2.2.x-xp_bb-20201123-184084:*:*:*:*:*:*:*
cpe:2.3:a:trispark:veo_transportation:2.2.x-xp_bb-20201123-184084os:*:*:*:*:*:*:*
EPSS
Процентиль: 27%
0.00097
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
больше 2 лет назад
TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries.
EPSS
Процентиль: 27%
0.00097
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89