CVE-2021-41765 in ResourceSpaceinformation

Résumé

par MITRE • 17/11/2021

A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user session cookies. An attacker who gets an admin user session cookie can use the session cookie to execute arbitrary code on the server.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Réserver

27/09/2021

Divulgation

17/11/2021

Modérer

accepté

Entrée

VDB-186733

CPE

prêt

EPSS

0.67845

KEV

non

Activités

très faible

Sources

Interested in the pricing of exploits?

See the underground prices here!