Lucene search

K
cve[email protected]CVE-2015-1518
HistoryFeb 11, 2015 - 7:59 p.m.

CVE-2015-1518

2015-02-1119:59:01
CWE-89
web.nvd.nist.gov
36
cve-2015-1518
sql injection
redaxscript
security vulnerability

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

53.4%

SQL injection vulnerability in the search_post function in includes/search.php in Redaxscript before 2.3.0 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.

Affected configurations

NVD
Node
redaxscriptredaxscriptRange2.2.0

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

53.4%