Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1471

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2015-1471
Last Modified 13 Feb 2015 03:57:29
Published 12 Feb 2015 11:59:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-1471

Summary

SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI.

Vulnerable Systems

Application

  • Pragyan Cms Project Pragyan Cms 3.0


References

MISC - https://github.com/delta/pragyan/issues/206

CONFIRM - https://github.com/delta/pragyan/commit/c93bc100ec93fc78940fbdca9b6b009101858309

MISC - http://sroesemann.blogspot.de/2015/02/advisory-for-sroeadv-2015-11.html

MISC - http://sroesemann.blogspot.de/2015/01/sroeadv-2015-11.html

MLIST - [oss-security] 20150203 Re: CVE-Request -- Pragyan CMS v.3.0 -- SQL injection vulnerability

FULLDISC - 20150203 SQL injection vulnerability in Pragyan CMS v.3.0

MISC - http://pastebin.com/ip2gGYuS


Last Updated: 27 May 2016 11:07:48