CVE-2015-2237

Sažetak

Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showprofile.php or (2) categoryedit.php or (3) username parameter in a login to index.php.

Reference

http://packetstormsecurity.com/files/130696/Betster-1.0.4-SQL-Injection-Authentication-Bypass.html
http://www.securityfocus.com/archive/1/534816/100/0/threaded
https://www.exploit-db.com/exploits/36306/

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

09-10-2018 - 19:56

Objavljeno

12-03-2015 - 17:59