Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-2070

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2015-2070
Last Modified 25 Feb 2015 12:58:03
Published 24 Feb 2015 12:59:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-2070

Summary

SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed.

Vulnerable Systems

Application

  • Etouch Samepage 4.4.0.0.239


References

EXPLOIT-DB - 36089

FULLDISC - 20150213 eTouch SamePage v4.4.0.0.239 multiple vulnerabilities

MISC - http://packetstormsecurity.com/files/130386/eTouch-Samepage-4.4.0.0.239-SQL-Injection-File-Read.html

OSVDB - 118356


Last Updated: 27 May 2016 11:07:57