exploitDog

CVE-2023-50866

Опубликовано: 04 янв. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database.

Ссылки

https://fluidattacks.com/advisories/evans/
Exploit
Third Party Advisory
https://www.kashipara.com/
Product
https://fluidattacks.com/advisories/evans/
Exploit
Third Party Advisory
https://www.kashipara.com/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kashipara:travel_website:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 22%

0.00072

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-xx52-9m5j-pp7h

CVSS3: 9.8

github

больше 1 года назад

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database.

EPSS

Процентиль: 22%

0.00072

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89