exploitDog

CVE-2022-45889

Опубликовано: 25 дек. 2022

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

Planet eStream before 6.72.10.07 allows a remote attacker (who is a publisher or admin) to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL commands, via Search (the StatisticsResults.aspx flt parameter).

Ссылки

https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-planet-enterprises-ltd-planet-estream/
Exploit
Third Party Advisory
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-planet-enterprises-ltd-planet-estream/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:planetestream:planet_estream:*:*:*:*:*:*:*:*

Версия до 6.72.10.07 (исключая)

EPSS

Процентиль: 78%

0.01177

Низкий

7.2 High

CVSS3

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-h98c-hq83-wq3c

CVSS3: 7.2

github

около 3 лет назад

Planet eStream before 6.72.10.07 allows a remote attacker (who is a publisher or admin) to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL commands, via Search (the StatisticsResults.aspx flt parameter).

EPSS

Процентиль: 78%

0.01177

Низкий

7.2 High

CVSS3

Дефекты

CWE-89

CWE-89