CVE-2021-26830
CRITICAL 9.1 | EPSS 0.93% | SQL Injection in tribalsystems/zenario
Published: 2022/3/18 | Modified: 2024/2/16
Description
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 and prior allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Plugin library - delete` module.
Affected packages (1)
- Packagist/tribalsystems/zenario: from 0, < 8.8.53370
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2021-26830
- WEB: https://edhunter484.medium.com/blind-sql-injection-on-zenario-cms-b58b6820c32d
- WEB: https://github.com/TribalSystems/Zenario/commit/2c82a4d126c8446106347ef603b157f2d4175fd1
- WEB: https://github.com/TribalSystems/Zenario/releases/tag/8.8.53370
- WEB: https://www.exploit-db.com/exploits/49642