CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-5440

SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.1%

CVSS Severity

CVSS v2 Score 7.5

References

http://packetstormsecurity.com/files/128064/MX-SmartTimer-13.18.5.11-SQL-Injection.html
http://seclists.org/fulldisclosure/2014/Aug/83
https://exchange.xforce.ibmcloud.com/vulnerabilities/95675
http://packetstormsecurity.com/files/128064/MX-SmartTimer-13.18.5.11-SQL-Injection.html
http://seclists.org/fulldisclosure/2014/Aug/83
https://exchange.xforce.ibmcloud.com/vulnerabilities/95675

Products affected by CVE-2014-5440

Mpexsolutions » Mx-Smartimer » Version: Any

cpe:2.3:a:mpexsolutions:mx-smartimer:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-5440

Products

Pricing

Contact Us