[email protected]CVE-2014-2303

HistoryJun 13, 2014 - 2:55 p.m.

CVE-2014-2303

2014-06-1314:55:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2014-2303

sql injection

webedition cms

nvd

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

66.1%

JSON

Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter.

CPENameOperatorVersion
webedition:webedition_cmswebedition webedition cmseq6.2.7.0
webedition:webedition_cmswebedition webedition cmseq6.3.3.0
webedition:webedition_cmswebedition webedition cmseq6.3.8.0

CPE	Name	Operator	Version
webedition:webedition_cms	webedition webedition cms	eq	6.2.7.0
webedition:webedition_cms	webedition webedition cms	eq	6.3.3.0
webedition:webedition_cms	webedition webedition cms	eq	6.3.8.0

References

packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html

seclists.org/fulldisclosure/2014/May/148

www.securityfocus.com/archive/1/532231/100/0/threaded

www.securityfocus.com/bid/67689

www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht

www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

66.1%

JSON

Related for CVE-2014-2303

securityvulns2 packetstorm1 prion1