exploitDog

CVE-2021-33578

Опубликовано: 13 июл. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language (SQL) records, and manipulate data.

Ссылки

https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0001.md
Third Party Advisory
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0001.md
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:echobh:sharecare:8.15.5:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.0038

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-w7cq-7gm8-4jj2

github

больше 3 лет назад

Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language (SQL) records, and manipulate data.

EPSS

Процентиль: 59%

0.0038

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89