Описание
VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the img_id parameter. Attackers can send GET requests to edit_gallery_image.php with malicious img_id values to extract database information.
Ссылки
- ExploitVDB Entry
- Product
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:viaviweb:wallpaper_admin:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 1%
0.00009
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
25 дней назад
VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the img_id parameter. Attackers can send GET requests to edit_gallery_image.php with malicious img_id values to extract database information.
EPSS
Процентиль: 1%
0.00009
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-89