exploitDog

CVE-2023-46789

Опубликовано: 07 нояб. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic1' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.

Ссылки

https://fluidattacks.com/advisories/ros
Exploit
Third Party Advisory
https://projectworlds.in
Product
https://fluidattacks.com/advisories/ros
Exploit
Third Party Advisory
https://projectworlds.in
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:projectworlds:online_matrimonial_project:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00145

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-mcf6-34j2-fvwv

CVSS3: 9.8

github

около 2 лет назад

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic1' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.

EPSS

Процентиль: 35%

0.00145

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89