Vulnerability Details CVE-2021-29350
SQL injection in the getip function in conn/function.php in 发货100-设计素材下载系统 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/product_add.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.9%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
Products affected by CVE-2021-29350
-
Shipment 100-Design Material Download System Project » Shipment 100-Design Material Download System » Version: 1.1cpe:2.3:a:shipment_100-design_material_download_system_project:shipment_100-design_material_download_system:1.1