Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2015-0919
Last Modified 08 Jan 2015 02:55:29
Published 08 Jan 2015 10:59:07
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-0919

Summary

Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.

Vulnerable Systems

Application

  • Sefrengo 1.6.0


References

MISC - http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-04.html

FULLDISC - 20150106 SQL-Injection in administrative Backend of Sefrengo CMS v.1.6.0

MISC - http://packetstormsecurity.com/files/129824/Sefrengo-CMS-1.6.0-SQL-Injection.html

CONFIRM - http://forum.sefrengo.org/index.php?showtopic=3360


Last Updated: 27 May 2016 11:07:28