9.5 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.1%
Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to © openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php.
CPE | Name | Operator | Version |
---|---|---|---|
wavelink_media:tutorialcms | wavelink media tutorialcms | le | 1.00 |
osvdb.org/35899
osvdb.org/35900
osvdb.org/35901
osvdb.org/35902
osvdb.org/35903
osvdb.org/35905
secunia.com/advisories/25222
www.securityfocus.com/bid/23905
www.vupen.com/english/advisories/2007/1742
www.wavelinkmedia.com/scripts/tutorialcms/
exchange.xforce.ibmcloud.com/vulnerabilities/34214
www.exploit-db.com/exploits/3887
More