CVE-2015-0919

Опубликовано: 08 янв. 2015

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.

Ссылки

http://forum.sefrengo.org/index.php?showtopic=3360
Vendor Advisory
http://packetstormsecurity.com/files/129824/Sefrengo-CMS-1.6.0-SQL-Injection.html
Exploit
http://seclists.org/fulldisclosure/2015/Jan/9
Exploit
http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-04.html
Exploit
http://forum.sefrengo.org/index.php?showtopic=3360
Vendor Advisory
http://packetstormsecurity.com/files/129824/Sefrengo-CMS-1.6.0-SQL-Injection.html
Exploit
http://seclists.org/fulldisclosure/2015/Jan/9
Exploit
http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-04.html
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sefrengo:sefrengo:*:*:*:*:*:*:*:*

Версия до 1.6.0 (включая)

EPSS

Процентиль: 76%

0.01

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-cxg5-hq83-f2jf

github

больше 3 лет назад