- Description
- Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earler allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks in a displaycat action in (a) index.php; and the (5) id parameter in (b) comments.php and (c) memberlist.php.
- Source
- cve@mitre.org
- NVD status
- Deferred
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wsn_knowledge_base:wsn_knowledge_base:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EED030F2-0035-42D0-B585-3D7B70608064",
"versionEndIncluding": "1.2.0"
}
],
"operator": "OR"
}
]
}
]