Vulnerability Details CVE-2013-4789
SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/95842
- http://secunia.com/advisories/54289
- http://www.cotonti.com/forums?m=posts&q=7475
- http://www.cotonti.com/news/announce/siena_0914_released
- http://www.securityfocus.com/bid/61538
- https://github.com/Cotonti/Cotonti/commit/45eec046391afabb676b62b9201da0cd530360b4
- https://www.htbridge.com/advisory/HTB23164
- http://osvdb.org/95842
- http://secunia.com/advisories/54289
- http://www.cotonti.com/forums?m=posts&q=7475
- http://www.cotonti.com/news/announce/siena_0914_released
- http://www.securityfocus.com/bid/61538
- https://github.com/Cotonti/Cotonti/commit/45eec046391afabb676b62b9201da0cd530360b4
- https://www.htbridge.com/advisory/HTB23164
Products affected by CVE-2013-4789
-
cpe:2.3:a:cotonti:cotonti_siena:0.9.0
-
cpe:2.3:a:cotonti:cotonti_siena:0.9.1
-
cpe:2.3:a:cotonti:cotonti_siena:0.9.10
-
cpe:2.3:a:cotonti:cotonti_siena:0.9.11
-
cpe:2.3:a:cotonti:cotonti_siena:0.9.11.1
-
cpe:2.3:a:cotonti:cotonti_siena:0.9.12
-
cpe:2.3:a:cotonti:cotonti_siena:0.9.12.1
-
cpe:2.3:a:cotonti:cotonti_siena:0.9.13
-
cpe:2.3:a:cotonti:cotonti_siena:0.9.2
-
cpe:2.3:a:cotonti:cotonti_siena:0.9.3
-
cpe:2.3:a:cotonti:cotonti_siena:0.9.4
-
cpe:2.3:a:cotonti:cotonti_siena:0.9.5
-
cpe:2.3:a:cotonti:cotonti_siena:0.9.6
-
cpe:2.3:a:cotonti:cotonti_siena:0.9.7
-
cpe:2.3:a:cotonti:cotonti_siena:0.9.8
-
cpe:2.3:a:cotonti:cotonti_siena:0.9.9
-
cpe:2.3:a:cotonti:cotonti_siena:0.9.9.1