Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2654

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2014-2654
Last Modified 23 Apr 2014 08:41:39
Published 22 Apr 2014 10:23:35
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-2654

Summary

Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) edit_ad_unit.php, (2) view_adunits.php, or (3) edit_campaign.php in www/cp/.

Vulnerable Systems

Application

  • Mobfox Madserve 2.0


References

MISC - https://www.htbridge.com/advisory/HTB23209

XF - madserve-cve20142654-sql-injection(92545)

BID - 66661

BUGTRAQ - 20140416 SQL Injection in mAdserve

SECUNIA - 58003


Last Updated: 27 May 2016 11:05:04