Lucene search

[email protected]CVE-2015-1434

HistoryFeb 16, 2015 - 3:59 p.m.

CVE-2015-1434

2015-02-1615:59:04

CWE-89

[email protected]

web.nvd.nist.gov

cve-2015-1434

sql injection

remote code execution

security vulnerability

my little forum

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.4%

JSON

Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php.

Affected configurations

NVD

Node

mylittleforummy_little_forumRange≤2.3.3

CPENameOperatorVersion
mylittleforum:my_little_forummylittleforum my little forumle2.3.3

CPE	Name	Operator	Version
mylittleforum:my_little_forum	mylittleforum my little forum	le	2.3.3

References

mylittleforum.net/forum/index.php?id=8182

packetstormsecurity.com/files/130356/My-Little-Forum-2.3.3-Cross-Site-Scripting-SQL-Injection.html

www.securityfocus.com/archive/1/534681/100/0/threaded

www.securityfocus.com/bid/72575

exchange.xforce.ibmcloud.com/vulnerabilities/100855

www.htbridge.com/advisory/HTB23248

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.4%

JSON

Related for CVE-2015-1434

nvd1 prion1 cvelist1 securityvulns2 zdt1 htbridge1 packetstorm1