CVE-2024-32493

Опубликовано: 29 апр. 2024

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 8.8

Описание

An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request.

Релиз	Статус	Примечание
devel	not-affected	6.5.8-1
esm-apps/noble	needs-triage
esm-infra/focal	DNE
focal	DNE
jammy	DNE
mantic	ignored	end of life, was needs-triage
noble	needs-triage
oracular	not-affected	6.5.8-1
plucky	not-affected	6.5.8-1
questing	not-affected	6.5.8-1

Показывать по

Ссылки на источники

EPSS

Процентиль: 69%

0.00608

Низкий

8.8 High

CVSS3

Связанные уязвимости

CVE-2024-32493

CVSS3: 8.8

nvd

почти 2 года назад

An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request.

CVE-2024-32493

CVSS3: 8.8

debian

почти 2 года назад

An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0 ...

GHSA-j46p-v4gj-3jj5

CVSS3: 8.8

github

почти 2 года назад

An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request.

EPSS

Процентиль: 69%

0.00608

Низкий

8.8 High

CVSS3

CVE-2024-32493

Описание

Пакет znuny

Ссылки на источники

Связанные уязвимости