CVEDB API

Vulnerabilities

Vulnerable Software

Sefrengo: >> Sefrengo Security Vulnerabilities

CVE-2015-5052

SQL injection vulnerability in Sefrengo before 1.6.5 beta2.

CVSS Score

9.8

EPSS Score

0.003

Published

2017-09-07

CVE-2015-1428

Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authenticated users to execute arbitrary SQL commands via the value_id parameter in a save_value action to backend/main.php.

CVSS Score

7.5

EPSS Score

0.014

Published

2015-02-03

CVE-2015-0919

Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.

CVSS Score

7.5

EPSS Score

0.01

Published

2015-01-08

CVE-2015-0918

Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php.

CVSS Score

4.3

EPSS Score

0.005

Published

2015-01-08

Page 1

Vulnerabilities

Vulnerable Software

Sefrengo: >> Sefrengo Security Vulnerabilities

Products

Pricing

Contact Us