Lucene search

VulDBCVELIST:CVE-2017-20136

HistoryJul 16, 2022 - 6:15 a.m.

CVE-2017-20136 Itech Classifieds Script subpage.php sql injection

2022-07-1606:15:58

CWE-89

VulDB

www.cve.org

vulnerability

itech classifieds

sql injection

remote attack

public disclosure

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS

0.002

Percentile

62.1%

JSON

A vulnerability classified as critical has been found in Itech Classifieds Script 7.27. Affected is an unknown function of the file /subpage.php. The manipulation of the argument scat with the input =51’ AND 4941=4941 AND ‘hoCP’='hoCP leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CNA Affected

[
  {
    "product": "Classifieds Script",
    "vendor": "Itech",
    "versions": [
      {
        "status": "affected",
        "version": "7.27"
      }
    ]
  }
]

References

vuldb.com/?id.96282

www.exploit-db.com/exploits/41189/