Vulnerability CVE-2014-2303

Vulnerability CVE-2014-2303

Published: 2014-06-13 Modified: 2014-06-16

Description:

	Topic	Author	Date
Med.	webEdition CMS 6.3.8.0 svn6985 SQL Injection	RedTeam	30.05.2014

Type:

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Affected software
Webedition -> Webedition cms

http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html

http://seclists.org/fulldisclosure/2014/May/148

http://www.securityfocus.com/archive/1/532231/100/0/threaded

http://www.securityfocus.com/bid/67689

http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht

https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser