Описание
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:amss\+\+_project:amss\+\+:4.31:*:*:*:*:*:*:*
EPSS
Процентиль: 15%
0.00047
Низкий
8.2 High
CVSS3
7.5 High
CVSS3
Дефекты
CWE-89
CWE-89
Связанные уязвимости
CVSS3: 8.2
github
почти 2 года назад
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
EPSS
Процентиль: 15%
0.00047
Низкий
8.2 High
CVSS3
7.5 High
CVSS3
Дефекты
CWE-89
CWE-89