Zurück zur CVE-Übersicht
CVE-2014-9096
HIGH(7.5)AV:N/AC:L/Au:N/C:P/I:P/A:P
Risk Signal Score19/100 — NIEDRIG
- CVSS 7.5 — Hoch
EPSS-Score
2%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
7.5
Technische Schwere
Beschreibung
Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter.
Referenzen
- http://packetstormsecurity.com/files/127615/Pligg-2.0.1-SQL-Injection-Command-Ex...
- http://seclists.org/fulldisclosure/2014/Jul/136
- http://www.securityfocus.com/bid/68893
- https://github.com/Pligg/pligg-cms/commit/4891c4d8742b9dabd67e7250840e3434865aeb...
- https://github.com/Pligg/pligg-cms/commit/efb967b944375cd3ea3cd84c80d86d339dbe03...
- http://packetstormsecurity.com/files/127615/Pligg-2.0.1-SQL-Injection-Command-Ex...
- http://seclists.org/fulldisclosure/2014/Jul/136
- http://www.securityfocus.com/bid/68893
- https://github.com/Pligg/pligg-cms/commit/4891c4d8742b9dabd67e7250840e3434865aeb...
- https://github.com/Pligg/pligg-cms/commit/efb967b944375cd3ea3cd84c80d86d339dbe03...