CVE-2021-4308

Опубликовано: 08 янв. 2023

Источник: nvd

CVSS3: 5.5

CVSS3: 9.8

CVSS2: 5.2

EPSS Низкий

Описание

A vulnerability was found in WebPA up to 3.1.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. Upgrading to version 3.1.2 is able to address this issue. The identifier of the patch is 8836c4f549181e885a68e0e7ca561fdbcbd04bf0. It is recommended to upgrade the affected component. The identifier VDB-217637 was assigned to this vulnerability.

Ссылки

https://github.com/WebPA/WebPA/commit/8836c4f549181e885a68e0e7ca561fdbcbd04bf0
Patch
https://github.com/WebPA/WebPA/pull/87
Patch
https://github.com/WebPA/WebPA/releases/tag/v3.1.2
Release Notes
https://vuldb.com/?ctiid.217637
Third Party Advisory
https://vuldb.com/?id.217637
Third Party Advisory
https://github.com/WebPA/WebPA/commit/8836c4f549181e885a68e0e7ca561fdbcbd04bf0
Patch
https://github.com/WebPA/WebPA/pull/87
Patch
https://github.com/WebPA/WebPA/releases/tag/v3.1.2
Release Notes
https://vuldb.com/?ctiid.217637
Third Party Advisory
https://vuldb.com/?id.217637
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lboro:webpa:*:*:*:*:*:*:*:*

Версия до 3.1.2 (исключая)

EPSS

Процентиль: 57%

0.00351

Низкий

5.5 Medium

CVSS3

9.8 Critical

CVSS3

5.2 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-mjgw-f2c4-f8qj

CVSS3: 9.8

github

около 3 лет назад

WebPA SQL Injection vulnerability

EPSS

Процентиль: 57%

0.00351

Низкий

5.5 Medium

CVSS3

9.8 Critical

CVSS3

5.2 Medium

CVSS2

Дефекты

CWE-89