CVE-2013-7219

Sažetak

SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the answer_id[] parameter.

Reference

http://2glux.com/forum/sexypolling/sexy-polling-security-vulnerability-notification-t2026.html
http://www.securityfocus.com/archive/1/530789/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/90519
https://www.htbridge.com/advisory/HTB23193

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

09-10-2018 - 19:35

Objavljeno

21-01-2014 - 16:06