Description

SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'.

Remediation

References

CVE-2013-3638

Related Vulnerabilities

WordPress Plugin SEO Ultimate 'wp-admin/post.php' Cross-Site Scripting (6.9.1)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-5001)

WordPress Plugin TAKETIN To WP Membership PHP Object Injection (1.2.7)

WordPress Plugin Mingle Forum SQL Injection and Security Bypass Vulnerabilities (1.0.26)

WordPress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-21661)

Severity

High

Classification

CVE-2013-3638 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities