Vulnerability CVE-2015-1471


Published: 2015-02-12   Modified: 2015-02-13

Description:
SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI.

Type:

CWE-89

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

Vendor: Pragyan cms project
Product: Pragyan cms 
Version: 3.0;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
https://github.com/delta/pragyan/issues/206
https://github.com/delta/pragyan/commit/c93bc100ec93fc78940fbdca9b6b009101858309
http://sroesemann.blogspot.de/2015/02/advisory-for-sroeadv-2015-11.html
http://sroesemann.blogspot.de/2015/01/sroeadv-2015-11.html
http://seclists.org/oss-sec/2015/q1/402
http://seclists.org/fulldisclosure/2015/Feb/18
http://pastebin.com/ip2gGYuS

Related CVE
CVE-2017-14600
Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure.
CVE-2017-14601
Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure.
CVE-2015-4627
SQL injection vulnerability in Pragyan CMS 3.0.
CVE-2012-6500
Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php.
CVE-2009-1480
SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors.

Copyright 2017, cxsecurity.com

 

Back to Top