exploitDog

CVE-2023-38044

Опубликовано: 07 авг. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.

Ссылки

https://extensions.joomla.org/vulnerable-extensions/resolved/hikashop-versions-from-4-4-1-to-4-7-2-are-affected-sql-injection/
Third Party Advisory
https://www.hikashop.com/support/documentation/56-hikashop-changelog.html
Release Notes
https://extensions.joomla.org/vulnerable-extensions/resolved/hikashop-versions-from-4-4-1-to-4-7-2-are-affected-sql-injection/
Third Party Advisory
https://www.hikashop.com/support/documentation/56-hikashop-changelog.html
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hikashop:hikashop:*:*:*:*:*:joomla\!:*:*

Версия от 4.0.0 (включая) до 4.7.2 (включая)

EPSS

Процентиль: 21%

0.00066

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-whq6-w9q4-mww3

CVSS3: 9.8

github

больше 2 лет назад

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.

EPSS

Процентиль: 21%

0.00066

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

CWE-89