Описание
social-media-skeleton is an uncompleted social media project. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1 contains a fix for this issue.
Ссылки
- Patch
- ExploitVendor Advisory
- Patch
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:fobybus:social-media-skeleton:1.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03604
Низкий
10 Critical
CVSS3
8.8 High
CVSS3
Дефекты
CWE-89
EPSS
Процентиль: 87%
0.03604
Низкий
10 Critical
CVSS3
8.8 High
CVSS3
Дефекты
CWE-89