CVE-2015-6009

Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382.
References
Link Resource
http://www.kb.cert.org/vuls/id/374092 Third Party Advisory US Government Resource
https://www.exploit-db.com/exploits/38292/
http://www.kb.cert.org/vuls/id/374092 Third Party Advisory US Government Resource
https://www.exploit-db.com/exploits/38292/
Configurations

Configuration 1 (hide)

cpe:2.3:a:refbase:refbase:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:34

Type Values Removed Values Added
References () http://www.kb.cert.org/vuls/id/374092 - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/374092 - Third Party Advisory, US Government Resource
References () https://www.exploit-db.com/exploits/38292/ - () https://www.exploit-db.com/exploits/38292/ -

Information

Published : 2015-09-28 02:59

Updated : 2024-11-21 02:34


NVD link : CVE-2015-6009

Mitre link : CVE-2015-6009

CVE.ORG link : CVE-2015-6009


JSON object : View

Products Affected

refbase

  • refbase
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')