CVE-2014-9096

Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter.
Configurations

Configuration 1 (hide)

cpe:2.3:a:pligg:pligg_cms:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:20

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/127615/Pligg-2.0.1-SQL-Injection-Command-Execution.html - Exploit () http://packetstormsecurity.com/files/127615/Pligg-2.0.1-SQL-Injection-Command-Execution.html - Exploit
References () http://seclists.org/fulldisclosure/2014/Jul/136 - Exploit () http://seclists.org/fulldisclosure/2014/Jul/136 - Exploit
References () http://www.securityfocus.com/bid/68893 - () http://www.securityfocus.com/bid/68893 -
References () https://github.com/Pligg/pligg-cms/commit/4891c4d8742b9dabd67e7250840e3434865aebed - () https://github.com/Pligg/pligg-cms/commit/4891c4d8742b9dabd67e7250840e3434865aebed -
References () https://github.com/Pligg/pligg-cms/commit/efb967b944375cd3ea3cd84c80d86d339dbe030e - () https://github.com/Pligg/pligg-cms/commit/efb967b944375cd3ea3cd84c80d86d339dbe030e -

Information

Published : 2014-11-26 15:59

Updated : 2024-11-21 02:20


NVD link : CVE-2014-9096

Mitre link : CVE-2014-9096

CVE.ORG link : CVE-2014-9096


JSON object : View

Products Affected

pligg

  • pligg_cms
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')