8.3 High
AI Score
Confidence
Low
4.6 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P
0.024 Low
EPSS
Percentile
90.0%
SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter.
CPE | Name | Operator | Version |
---|---|---|---|
bcoos:bcoos | bcoos | le | 1.0.13 |
bcoos:bcoos | bcoos | eq | 1.0.9 |
bcoos:bcoos | bcoos | eq | 1.0.10 |
bcoos:bcoos | bcoos | eq | 1.0.11 |
bcoos:bcoos | bcoos | eq | 1.0.12 |