Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1576

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2015-1576
Last Modified 12 Feb 2015 12:52:23
Published 11 Feb 2015 02:59:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-1576

Summary

Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.php, (5) new2.php, or (6) rename2.php in u5admin/; (7) c parameter to u5admin/editor.php; (8) typ parameter to u5admin/meta2.php; or (9) newname parameter to u5admin/rename2.php.

Vulnerable Systems

Application

  • Yuba U5cms 3.9.3


References

MISC - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5225.php

MISC - http://packetstormsecurity.com/files/130326/u5CMS-3.9.3-SQL-Injection.html


Last Updated: 27 May 2016 11:07:47