Lucene search

MitreCVE-2015-2564

HistoryMar 20, 2015 - 2:59 p.m.

CVE-2015-2564

2015-03-2014:59:06

CWE-89

mitre

web.nvd.nist.gov

cve-2015-2564

sql injection

projectsend

r561

remote authenticated users

arbitrary commands

id parameter

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

8.2

Confidence

Low

EPSS

0.001

Percentile

47.2%

JSON

SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php.

Affected configurations

Nvd

Node

projectsendprojectsendMatch561

VendorProductVersionCPE
projectsendprojectsend561cpe:2.3:a:projectsend:projectsend:561:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
projectsend	projectsend	561	cpe:2.3:a:projectsend:projectsend:561:::::::*

References

osvdb.org/show/osvdb/119169

packetstormsecurity.com/files/130691/ProjectSend-r561-SQL-Injection.html

seclists.org/fulldisclosure/2015/Mar/30

www.exploit-db.com/exploits/36303

www.itas.vn/news/itas-team-found-out-a-SQL-Injection-vulnerability-in-projectsend-r561-76.html

www.securityfocus.com/archive/1/534832/100/0/threaded

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

8.2

Confidence

Low

EPSS

0.001

Percentile

47.2%

JSON

Related for CVE-2015-2564