Lucene search

MitreCVE-2014-1466

HistoryJan 15, 2014 - 4:08 p.m.

CVE-2014-1466

2014-01-1516:08:18

CWE-89

mitre

web.nvd.nist.gov

sql injection

vulnerability

csp mysql user manager

remote attackers

arbitrary sql commands

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.6

Confidence

Low

EPSS

0.005

Percentile

77.1%

JSON

SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page.

Affected configurations

Nvd

Node

csp_mysql_user_manager_projectcsp_mysql_user_managerMatch2.3

VendorProductVersionCPE
csp_mysql_user_manager_projectcsp_mysql_user_manager2.3cpe:2.3:a:csp_mysql_user_manager_project:csp_mysql_user_manager:2.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
csp_mysql_user_manager_project	csp_mysql_user_manager	2.3	cpe:2.3:a:csp_mysql_user_manager_project:csp_mysql_user_manager:2.3:::::::*

References

osvdb.org/101867

packetstormsecurity.com/files/124724/cspmysql-sql.txt

secunia.com/advisories/56348

www.securityfocus.com/bid/64731

exchange.xforce.ibmcloud.com/vulnerabilities/90210

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.6

Confidence

Low

EPSS

0.005

Percentile

77.1%

JSON

Related for CVE-2014-1466