CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
72.1%
Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions.
Vendor | Product | Version | CPE |
---|---|---|---|
free_lan_intra_internet_portal | free_lan_intra_internet_portal | * | cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:*:*:*:*:*:*:*:* |
free_lan_intra_internet_portal | free_lan_intra_internet_portal | 0.9.0.730 | cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:0.9.0.730:*:*:*:*:*:*:* |
free_lan_intra_internet_portal | free_lan_intra_internet_portal | 0.9.0.1029 | cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:0.9.0.1029:*:*:*:*:*:*:* |
free_lan_intra_internet_portal | free_lan_intra_internet_portal | 1.0_rc1 | cpe:2.3:a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:1.0_rc1:*:*:*:*:*:*:* |