Sql injection

2013-08-0921:55:00

PRIOn knowledge base

www.prio-n.com

8.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.078 Low

EPSS

Percentile

94.0%

JSON

SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the “c” parameter to index.php.

CPENameOperatorVersion
cotonti_sienaeq0.9.10
cotonti_sienaeq0.9.8
cotonti_sienaeq0.9.1
cotonti_sienaeq0.9.2
cotonti_sienaeq0.9.3
cotonti_sienaeq0.9.6
cotonti_sienaeq0.9.0
cotonti_sienaeq0.9.9
cotonti_sienale0.9.13
cotonti_sienaeq0.9.5

Name	Operator	Version
cotonti_siena	eq	0.9.10
cotonti_siena	eq	0.9.8
cotonti_siena	eq	0.9.1
cotonti_siena	eq	0.9.2
cotonti_siena	eq	0.9.3
cotonti_siena	eq	0.9.6
cotonti_siena	eq	0.9.0
cotonti_siena	eq	0.9.9
cotonti_siena	le	0.9.13
cotonti_siena	eq	0.9.5