Lucene search

[email protected]CVE-2017-20132

HistoryJul 16, 2022 - 7:15 a.m.

CVE-2017-20132

2022-07-1607:15:08

CWE-89

[email protected]

web.nvd.nist.gov

cve-2017-20132

itech multi vendor script

sql injection

remote attack

information security

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.5%

JSON

A vulnerability was found in Itech Multi Vendor Script 6.49 and classified as critical. This issue affects some unknown processing of the file /multi-vendor-shopping-script/product-list.php. The manipulation of the argument pl leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected configurations

Vulners

NVD

Node

itechmulti_vendor_scriptMatch6.49

CPENameOperatorVersion
itechscripts:multi_vendor_scriptitechscripts multi vendor scripteq6.49

CPE	Name	Operator	Version
itechscripts:multi_vendor_script	itechscripts multi vendor script	eq	6.49

CNA Affected

[
  {
    "product": "Multi Vendor Script",
    "vendor": "Itech",
    "versions": [
      {
        "status": "affected",
        "version": "6.49"
      }
    ]
  }
]

References

vuldb.com/?id.96287

www.exploit-db.com/exploits/41193/

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.5%

JSON

Related for CVE-2017-20132

nvd1 cvelist1 prion1