exploitDog

CVE-2021-46446

Опубликовано: 28 янв. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_access_group_edit&aagID.

Ссылки

https://github.com/blockomat2100/PoCs/blob/main/hhg_multistore/exploit_hhg_multistore.md
Exploit
Third Party Advisory
https://www.hhg-multistore.com/
Mitigation
Product
Vendor Advisory
https://github.com/blockomat2100/PoCs/blob/main/hhg_multistore/exploit_hhg_multistore.md
Exploit
Third Party Advisory
https://www.hhg-multistore.com/
Mitigation
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:hhg-multistore:multistore:*:*:*:*:enterprise:*:*:*

Версия до 5.1.0 (включая)

cpe:2.3:a:hhg-multistore:multistore:4.10.3:*:*:*:community:*:*:*

EPSS

Процентиль: 73%

0.00773

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-hr82-qcw6-r4j6

github

около 4 лет назад

H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_access_group_edit&aagID.

EPSS

Процентиль: 73%

0.00773

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89