Описание
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 20130826+dfsg3-4 |
| devel | not-affected | 20130826+dfsg3-4 |
| esm-apps/bionic | not-affected | 20130826+dfsg3-4 |
| esm-apps/focal | not-affected | 20130826+dfsg3-4 |
| esm-infra-legacy/trusty | DNE | |
| focal | not-affected | 20130826+dfsg3-4 |
| groovy | not-affected | 20130826+dfsg3-4 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE |
Показывать по
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545.
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands p ...
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545.
7.5 High
CVSS2
9.8 Critical
CVSS3