Описание
SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI.
SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-1471
- https://github.com/delta/pragyan/issues/206
- https://github.com/delta/pragyan/commit/c93bc100ec93fc78940fbdca9b6b009101858309
- http://pastebin.com/ip2gGYuS
- http://seclists.org/fulldisclosure/2015/Feb/18
- http://seclists.org/oss-sec/2015/q1/402
- http://sroesemann.blogspot.de/2015/01/sroeadv-2015-11.html
- http://sroesemann.blogspot.de/2015/02/advisory-for-sroeadv-2015-11.html
Связанные уязвимости
nvd
почти 11 лет назад
SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI.