Описание
SQL Injection vulnerability discovered in Unified Office Total Connect Now that would allow an attacker to extract sensitive information through a cookie parameter.
Ссылки
- ProductVendor Advisory
- ExploitThird Party Advisory
- ProductVendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:unifiedoffice:total_connect_now:-:*:*:*:*:*:*:*
cpe:2.3:o:centos:centos:6.0:*:*:*:*:*:*:*
EPSS
Процентиль: 62%
0.00427
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
почти 4 года назад
SQL Injection vulnerability discovered in Unified Office Total Connect Now that would allow an attacker to extract sensitive information through a cookie parameter.
EPSS
Процентиль: 62%
0.00427
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-89