Описание
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because of "password" parameter is directly used in the SQL query without any sanitization and the SQL Injection payload being executed.
Ссылки
- ExploitMitigationThird Party Advisory
- ExploitMitigationThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:small_crm_project:small_crm:3.0:*:*:*:*:*:*:*
EPSS
Процентиль: 21%
0.0007
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
около 2 лет назад
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because of "password" parameter is directly used in the SQL query without any sanitization and the SQL Injection payload being executed.
EPSS
Процентиль: 21%
0.0007
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89