Lucene search

[email protected]CVE-2015-1400

HistoryFeb 03, 2015 - 4:59 p.m.

CVE-2015-1400

2015-02-0316:59:16

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

npds revolution 13

cve-2015-1400

nvd

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

39.4%

JSON

SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter.

Affected configurations

NVD

Node

npdsrevolutionMatch13.0

CPENameOperatorVersion
npds:revolutionnpds revolutioneq13.0

CPE	Name	Operator	Version
npds:revolution	npds revolution	eq	13.0

References

packetstormsecurity.com/files/130179/NPDS-CMS-Revolution-13-SQL-Injection.html

websecgeeks.com/npds-cms-sql-injection/

www.npds.org/viewtopic.php?topic=26189&forum=12

www.npds.org/viewtopic.php?topic=26233&forum=12

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

39.4%

JSON

Related for CVE-2015-1400

nvd1 exploitpack1 zdt1 cvelist1 prion1 packetstorm1 exploitdb1