Lucene search
CVE-2013-6839
SQL injection in InstantCMS 1.10.3 allows arbitrary SQL command
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | CVE-2013-6839 | 13 Dec 201315:00 | – | cvelist |
 | CVE-2013-6839 | 13 Dec 201318:07 | – | nvd |
 | InstantCMS 1.10.3 - Blind SQL Injection | 17 Dec 201300:00 | – | exploitdb |
 | InstantCMS 1.10.3 SQL Injection | 12 Dec 201300:00 | – | packetstorm |
 | SQL Injection in InstantCMS | 20 Nov 201300:00 | – | htbridge |
 | InstantCMS 1.10.3 - Blind SQL Injection | 17 Dec 201300:00 | – | exploitpack |
 | SQL Injection in InstantCMS | 9 Jan 201400:00 | – | securityvulns |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 9 Jan 201400:00 | – | securityvulns |
 | Sql injection | 13 Dec 201318:07 | – | prion |
 | InstantCMS 1.10.3 - Blind SQL Injection | 17 Dec 201300:00 | – | zdt |
10
Node
| Source | Link |
|---|---|
| archives | www.archives.neohapsis.com/archives/bugtraq/2013-12/0049.html |
| htbridge | www.htbridge.com/advisory/HTB23185 |
| securityfocus | www.securityfocus.com/bid/63842 |
| secunia | www.secunia.com/advisories/56041 |
| instantcms | www.instantcms.ru/novosti/security-update-1-10-3.html |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| orderby | request body | /catalog/[id] | SQL injection vulnerability due to insufficient filtration of 'orderby' parameter, allowing attackers to execute arbitrary SQL commands. | CWE-89 |
| orderto | request body | /catalog/[id] | SQL injection vulnerability due to insufficient filtration of 'orderby' parameter, allowing attackers to execute arbitrary SQL commands. | CWE-89 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo13 Dec 2013 18:07Current
8.4High risk
Vulners AI Score8.4
CVSS27.5
EPSS0.00345