Multiple SQL injection vulnerabilities in index.php in Web Scribble Solutions webClassifieds 2005 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) password fields in a sign_in action.
Threat-Mapped Scoring
Score: 3.0
Priority: P2 - Serious (High)
S1 – Steal Customer Account Information
EPSS
Score: 0.02044 Percentile:
0.83076
CVSS Scoring
CVSS v2 Score: 6.8
Severity:
Mapped CWE(s)
CWE-89
: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
All CAPEC(s)
CAPEC-108: Command Line Execution through SQL Injection
CAPEC-109: Object Relational Mapping Injection
CAPEC-110: SQL Injection through SOAP Parameter Tampering
CAPEC-470: Expanding Control over the Operating System from the Database