CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-6492

SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.7%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 9.0

References

http://www.securityfocus.com/bid/97034
https://github.com/hamkovic/Admidio-3.2.5-SQLi
http://www.securityfocus.com/bid/97034
https://github.com/hamkovic/Admidio-3.2.5-SQLi

Products affected by CVE-2017-6492

Admidio » Admidio » Version: 3.2.5

cpe:2.3:a:admidio:admidio:3.2.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-6492

Products

Pricing

Contact Us