Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1467

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2015-1467
Last Modified 09 Feb 2015 09:15:30
Published 06 Feb 2015 10:59:15
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-1467

Summary

Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index.

Vulnerable Systems

Application

  • Fork-cms Fork Cms 3.8.5


References

XF - forkcms-cve20151467-sql-injection(100668)

BUGTRAQ - 20150204 [CVE-2015-1467] Fork CMS - SQL Injection in Version 3.8.5

CONFIRM - http://www.fork-cms.com/blog/detail/fork-3.8.6-released

MISC - http://packetstormsecurity.com/files/130242/Fork-CMS-3.8.5-SQL-Injection.html


Last Updated: 27 May 2016 11:07:43