Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1476

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2015-1476
Last Modified 04 Feb 2015 02:40:11
Published 04 Feb 2015 11:59:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-1476

Summary

Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) password parameter to __admin/index.php.

Vulnerable Systems

Application

  • Ecommercemajor Project Ecommercemajor


References

EXPLOIT-DB - 35878

MISC - http://packetstormsecurity.com/files/130073/ecommerceMajor-SQL-Injection.html

OSVDB - 117570

OSVDB - 117569


Last Updated: 27 May 2016 11:07:42