Vulnerability Details CVE-2014-3446
SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://seclists.org/fulldisclosure/2014/May/87
- http://www.securityfocus.com/bid/70861
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93280
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3446
- http://seclists.org/fulldisclosure/2014/May/87
- http://www.securityfocus.com/bid/70861
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93280
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3446
Products affected by CVE-2014-3446
-
cpe:2.3:a:bss:continuity_cms:4.2.22640.0