Description
SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
http://www.vapidlabs.com/advisory.php?v=213
Product, Vendor Advisory x_refsource_misc
https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/
Exploit, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/07/09/1
Scores
CVSS v3
9.8
EPSS
0.0141
EPSS Percentile
69.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
phpzag/phpzag
Published
Jul 07, 2020
Tracked Since
Feb 18, 2026