Lucene search

[email protected]CVE-2014-2654

HistoryApr 22, 2014 - 2:23 p.m.

CVE-2014-2654

2014-04-2214:23:35

CWE-89

[email protected]

web.nvd.nist.gov

cve-2014-2654

sql injection

mobfox madserve

authenticated users

arbitrary commands

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.9%

JSON

Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) edit_ad_unit.php, (2) view_adunits.php, or (3) edit_campaign.php in www/cp/.

Affected configurations

NVD

Node

mobfoxmadserveRange≤2.0

CPENameOperatorVersion
mobfox:madservemobfox madservele2.0

CPE	Name	Operator	Version
mobfox:madserve	mobfox madserve	le	2.0

References

secunia.com/advisories/58003

www.securityfocus.com/archive/1/531848/100/0/threaded

www.securityfocus.com/bid/66661

exchange.xforce.ibmcloud.com/vulnerabilities/92545

www.htbridge.com/advisory/HTB23209

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.9%

JSON

Related for CVE-2014-2654

packetstorm1 htbridge1 prion1 securityvulns2 cvelist1 nvd1