A vulnerability classified as critical was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to SQL injection. Using CWE to declare the problem leads to CWE-89. The weakness was released on 09/17/2023. The advisory is shared for download at github.com. This vulnerability is traded as CVE-2023-5029. Access to the local network is required for this attack to succeed. Technical details are available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The current price for an exploit might be approx. USD $0-$5k at the moment. It is declared as proof-of-concept. It is possible to download the exploit at github.com. As a 0-day, the estimated underground price was around $0-$5k.

3 Changes · 70 Data points

| Field | Created 09/17/2023 08:30 | Update 1/2 10/12/2023 15:22 | Update 2/2 10/12/2023 15:27 |
|---|---|---|---|
| software_name | mccms | mccms | mccms |
| software_version | 2.6 | 2.6 | 2.6 |
| software_file | /category/order/hits/copyright/46/finish/1/list/1 | /category/order/hits/copyright/46/finish/1/list/1 | /category/order/hits/copyright/46/finish/1/list/1 |
| input_value | '"1 | '"1 | '"1 |
| vulnerability_cwe | CWE-89 (SQL Injection) | CWE-89 (SQL Injection) | CWE-89 (SQL Injection) |
| vulnerability_risk | 2 | 2 | 2 |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss3_vuldb_e | P | P | P |
| cvss3_vuldb_rc | R | R | R |
| advisory_url | https://github.com/1541284314/cve/blob/main/README.md | https://github.com/1541284314/cve/blob/main/README.md | https://github.com/1541284314/cve/blob/main/README.md |
| exploit_availability | 1 | 1 | 1 |
| exploit_publicity | 1 | 1 | 1 |
| exploit_url | https://github.com/1541284314/cve/blob/main/README.md | https://github.com/1541284314/cve/blob/main/README.md | https://github.com/1541284314/cve/blob/main/README.md |
| source_cve | CVE-2023-5029 | CVE-2023-5029 | CVE-2023-5029 |
| cna_responsible | VulDB | VulDB | VulDB |
| advisory_date | 1694901600 (09/17/2023) | 1694901600 (09/17/2023) | 1694901600 (09/17/2023) |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_vuldb_e | POC | POC | POC |
| cvss2_vuldb_rc | UR | UR | UR |
| cvss2_vuldb_av | A | A | A |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss3_vuldb_av | A | A | A |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_rl | X | X | X |
| cvss2_vuldb_basescore | 5.2 | 5.2 | 5.2 |
| cvss2_vuldb_tempscore | 4.4 | 4.4 | 4.4 |
| cvss3_vuldb_basescore | 5.5 | 5.5 | 5.5 |
| cvss3_vuldb_tempscore | 5.0 | 5.0 | 5.0 |
| cvss3_meta_basescore | 5.5 | 5.5 | 6.6 |
| cvss3_meta_tempscore | 5.0 | 5.0 | 6.4 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve_assigned | | 1694901600 (09/17/2023) | 1694901600 (09/17/2023) |
| cve_nvd_summary | | A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239871. | A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239871. |
| cvss3_nvd_av | | | A |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | H |
| cvss3_nvd_a | | | H |
| cvss2_nvd_av | | | A |
| cvss2_nvd_ac | | | L |
| cvss2_nvd_au | | | S |
| cvss2_nvd_ci | | | P |
| cvss2_nvd_ii | | | P |
| cvss2_nvd_ai | | | P |
| cvss3_cna_av | | | A |
| cvss3_cna_ac | | | L |
| cvss3_cna_pr | | | L |
| cvss3_cna_ui | | | N |
| cvss3_cna_s | | | U |
| cvss3_cna_c | | | L |
| cvss3_cna_i | | | L |
| cvss3_cna_a | | | L |
| cve_cna | | | VulDB |
| cvss2_nvd_basescore | | | 5.2 |
| cvss3_nvd_basescore | | | 8.8 |
| cvss3_cna_basescore | | | 5.5 |
