CVE-2014-2245

Опубликовано: 05 мар. 2014

Источник: nvd

CVSS2: 6

EPSS Низкий

Описание

SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third party information.

Ссылки

http://dev.cmsmadesimple.org/project/changelog/4602
Vendor Advisory
http://seclists.org/oss-sec/2014/q1/467
http://secunia.com/advisories/56996
Vendor Advisory
http://www.securityfocus.com/bid/65953
http://dev.cmsmadesimple.org/project/changelog/4602
Vendor Advisory
http://seclists.org/oss-sec/2014/q1/467
http://secunia.com/advisories/56996
Vendor Advisory
http://www.securityfocus.com/bid/65953

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*

Версия до 1.11.9 (включая)

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.2.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.3:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.3.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.3.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.4:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.4.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.5:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.5.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.6:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.6.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.6.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.6.3:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.7:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.7.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.7.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.7.3:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.8:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.8.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.8.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.9:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.3:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.10.4:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.11.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.12.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:0.13:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.10:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.10.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.10.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.10.3:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.2:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.2.1:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.3:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.4:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.5:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.6:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.7:*:*:*:*:*:*:*

cpe:2.3:a:cmsmadesimple:cms_made_simple:1.11.8:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00316

Низкий

6 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

CVE-2014-2245

debian

почти 12 лет назад

SQL injection vulnerability in the News module in CMS Made Simple (CMS ...

GHSA-mfrg-qj22-f4fw

github

больше 3 лет назад