Vulnerability Details CVE-2015-0919
Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://forum.sefrengo.org/index.php?showtopic=3360
- http://packetstormsecurity.com/files/129824/Sefrengo-CMS-1.6.0-SQL-Injection.html
- http://seclists.org/fulldisclosure/2015/Jan/9
- http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-04.html
- http://forum.sefrengo.org/index.php?showtopic=3360
- http://packetstormsecurity.com/files/129824/Sefrengo-CMS-1.6.0-SQL-Injection.html
- http://seclists.org/fulldisclosure/2015/Jan/9
- http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-04.html
Products affected by CVE-2015-0919
-
cpe:2.3:a:sefrengo:sefrengo:1.0.2
-
cpe:2.3:a:sefrengo:sefrengo:1.0.3
-
cpe:2.3:a:sefrengo:sefrengo:1.2.0
-
cpe:2.3:a:sefrengo:sefrengo:1.2.1
-
cpe:2.3:a:sefrengo:sefrengo:1.2.2
-
cpe:2.3:a:sefrengo:sefrengo:1.3.0
-
cpe:2.3:a:sefrengo:sefrengo:1.4.0
-
cpe:2.3:a:sefrengo:sefrengo:1.4.1
-
cpe:2.3:a:sefrengo:sefrengo:1.4.2
-
cpe:2.3:a:sefrengo:sefrengo:1.4.3
-
cpe:2.3:a:sefrengo:sefrengo:1.4.4
-
cpe:2.3:a:sefrengo:sefrengo:1.4.5
-
cpe:2.3:a:sefrengo:sefrengo:1.4.6
-
cpe:2.3:a:sefrengo:sefrengo:1.5.0
-
cpe:2.3:a:sefrengo:sefrengo:1.5.1
-
cpe:2.3:a:sefrengo:sefrengo:1.6.0