CVE-2021-41765 in ResourceSpacethông tin

Tóm tắt

Bởi MITRE • 17/11/2021

A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user session cookies. An attacker who gets an admin user session cookie can use the session cookie to execute arbitrary code on the server.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Đặt trước

27/09/2021

Tiết lộ

17/11/2021

Kiểm duyệt

được chấp nhận

EPSS

0.67845

KEV

không

Các hoạt động

rất thấp

Nguồn

Do you need the next level of professionalism?

Upgrade your account now!