oss-sec mailing list archives
Re: CVE-Request -- Pragyan CMS v.3.0 -- SQL injection vulnerability
From: cve-assign () mitre org
Date: Tue, 3 Feb 2015 17:54:17 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Attackers can exploit that vulnerability by appending arbitrary SQL queries to a registered users profile id without being authenticated. /user:1%27+and+1=2+union+select+database%28%29,version%28%29,3+--+ http://sroesemann.blogspot.de/2015/01/sroeadv-2015-11.html https://github.com/delta/pragyan/issues/206 http://pastebin.com/ip2gGYuS http://sroesemann.blogspot.de/2015/02/advisory-for-sroeadv-2015-11.html http://seclists.org/fulldisclosure/2015/Feb/18
Use CVE-2015-1471. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJU0VCfAAoJEKllVAevmvmsI60H/ilF12jFosK4ISdLVWrF13Uq kh0bzif+CUb7sog+InOQvVKM6V0Ci+39BjIzEkU5EQRWZQyVedMQaRYp7zMkPyUO aNLOM8DvMGFXrzRE8/ofTUa1Bq1K4vlA46YOfsm2VAbwxvGDkFEHW39sGpJyw1SL Qn3hrBhGfCdevFXrh8ZKvMmo/rVi4/kAazfZezYNOos4qlTTxLGFljl9rzJVsI8d v+MhkzD/+0sf/27pUczwLdd8XRfd0qWbTCVq8z1T/s9qKj7sq54uJZQlDsnhpKcC RLGlsX2EgqzjFOBWEnIlNZw74VYySOkR7ztuyWDRKtz0khhBviFA7ZpDxMqYEE4= =DrF7 -----END PGP SIGNATURE-----
Current thread:
- CVE-Request -- Pragyan CMS v.3.0 -- SQL injection vulnerability Steffen Rösemann (Feb 03)
- Re: CVE-Request -- Pragyan CMS v.3.0 -- SQL injection vulnerability cve-assign (Feb 03)