Lucene search
RootSSV:60964HistoryAug 27, 2013 - 12:00 a.m.
DotNetNuke DNNArticle模块'categoryid'参数SQL注入漏洞
2013-08-2700:00:00
Root
www.seebug.org
30
0.002 Low
EPSS
Percentile
59.2%
BUGTRAQ ID: 61788
CVE(CAN) ID: CVE-2013-5117
DotNetNuke DNNArticle是DNN的CMS和文章管理模块。
DNNArticle 10.0及之前版本没有正确验证categoryid参数值的有效性,存在SQL注入漏洞,成功利用后可使远程攻击者执行未授权数据库操作。
0
DotNetNuke DNNArticle 10.0
厂商补丁:
DotNetNuke
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.example.com/desktopmodules/dnnarticle/dnnarticlerss.aspx?moduleid=0&categoryid=1+or+1=@@version
Related
checkpoint_advisories
checkpoint_advisories
DotNetNuke DNNArticle Module SQL Injection (CVE-2013-5117)
2014-11-10 00:00:00
prion
prion
Sql injection
2014-03-12 14:55:00
nessus
nessus
DNN (DotNetNuke) DNNArticle Module categoryid Parameter SQL Injection
2013-08-16 00:00:00
packetstorm
packetstorm
DotNetNuke DNNArticle 10.0 SQL Injection
2013-08-14 00:00:00
cvelist
cvelist
CVE-2013-5117
2014-03-12 14:00:00
exploitpack
exploitpack
DotNetNuke DNNArticle Module 10.0 - SQL Injection
2013-08-15 00:00:00
seebug
seebug
DotNetNuke DNNArticle Module 10.0 - SQL Injection Vulnerability
2014-07-01 00:00:00
cve
cve
CVE-2013-5117
2014-03-12 14:55:30
zdt
zdt
DotNetNuke DNNArticle Module 10.0 - SQL Injection Vulnerability
2013-08-15 00:00:00
openvas
openvas
DotNetNuke < 10.1 DNNArticle Module SQLi Vulnerability
2013-08-19 00:00:00
nvd
nvd
CVE-2013-5117
2014-03-12 14:55:30
exploitdb
exploitdb
DotNetNuke DNNArticle Module 10.0 - SQL Injection
2013-08-15 00:00:00