1 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

Multiple SQL injection vulnerabilities in the Starrating plugin before 0.7.7 for b2evolution allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección de SQL en el plugin Starrating para b2evolution antes de v0.7.7 permiten a atacantes remotos ejecutar comandos SQL a través de vectores no especificados. • http://osvdb.org/54369 http://secunia.com/advisories/35053 http://sourceforge.net/project/shownotes.php?release_id=681352&group_id=160495 http://www.securityfocus.com/bid/34899 https://exchange.xforce.ibmcloud.com/vulnerabilities/50417 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •