MidnightBSD

Advisories for phpzag

CVE-2020-8519 HIGH

SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpzag phpzag -
CVE-2020-8520 HIGH

SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpzag phpzag -
CVE-2020-8521 HIGH

SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpzag phpzag -