CVE-2015-2679

Опубликовано: 23 мар. 2015

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.

Ссылки

http://blog.metalgenix.com/genixcms-v0-0-2-release-security-and-bug-fixes/17
Patch
http://blog.metalgenix.com/update-security-fix-and-add-newsletter-module/16
Vendor Advisory
http://osvdb.org/show/osvdb/119392
http://osvdb.org/show/osvdb/119393
http://packetstormsecurity.com/files/130770/GeniXCMS-0.0.1-SQL-Injection.html
Exploit
http://www.exploit-db.com/exploits/36321
Exploit
http://www.securityfocus.com/bid/73297
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5232.php
Exploit
https://github.com/semplon/GeniXCMS/commit/698245488343396185b1b49e7482ee5b25541815
https://github.com/semplon/GeniXCMS/issues/7
http://blog.metalgenix.com/genixcms-v0-0-2-release-security-and-bug-fixes/17
Patch
http://blog.metalgenix.com/update-security-fix-and-add-newsletter-module/16
Vendor Advisory
http://osvdb.org/show/osvdb/119392
http://osvdb.org/show/osvdb/119393
http://packetstormsecurity.com/files/130770/GeniXCMS-0.0.1-SQL-Injection.html
Exploit
http://www.exploit-db.com/exploits/36321
Exploit
http://www.securityfocus.com/bid/73297
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5232.php
Exploit
https://github.com/semplon/GeniXCMS/commit/698245488343396185b1b49e7482ee5b25541815
https://github.com/semplon/GeniXCMS/issues/7

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:genixcms:genixcms:*:*:*:*:*:*:*:*

Версия до 0.0.1 (включая)

EPSS

Процентиль: 92%

0.08867

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-m6vg-jvg4-5v4h

github

больше 3 лет назад