Sql injection

2022-02-2415:15:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.8%

JSON

Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to obtain an arbitrary file on the server via unspecified vectors.

CPENameOperatorVersion
a-blog_cmseq3.0.0
a-blog_cmsge2.11.0
a-blog_cmslt2.11.42
a-blog_cmsge2.10.0
a-blog_cmslt2.10.44
a-blog_cmsge2.9.0
a-blog_cmslt2.9.40
a-blog_cmsge2.8.0
a-blog_cmslt2.8.75

Name	Operator	Version
a-blog_cms	eq	3.0.0
a-blog_cms	ge	2.11.0
a-blog_cms	lt	2.11.42
a-blog_cms	ge	2.10.0
a-blog_cms	lt	2.10.44
a-blog_cms	ge	2.9.0
a-blog_cms	lt	2.9.40
a-blog_cms	ge	2.8.0
a-blog_cms	lt	2.8.75