Lucene search

[email protected]CVE-2015-4118

HistoryJun 15, 2015 - 3:59 p.m.

CVE-2015-4118

2015-06-1515:59:00

CWE-89

[email protected]

web.nvd.nist.gov

cve

2015

4118

ispconfig

sql injection

vulnerability

monitor permissions

7.8 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.4%

JSON

SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. NOTE: this can be leveraged by remote attackers using CVE-2015-4119.2.

CPENameOperatorVersion
ispconfig:ispconfigispconfigle3.0.5.4

CPE	Name	Operator	Version
ispconfig:ispconfig	ispconfig	le	3.0.5.4

References

bugtracker.ispconfig.org/index.php?do=details&task_id=3898

packetstormsecurity.com/files/132238/ISPConfig-3.0.5.4p6-SQL-Injection-Cross-Site-Request-Forgery.html

www.securityfocus.com/archive/1/535734/100/0/threaded

www.securityfocus.com/bid/75126

www.exploit-db.com/exploits/37259/

www.htbridge.com/advisory/HTB23260

7.8 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.4%

JSON

Related for CVE-2015-4118

securityvulns2 exploitpack1 zdt1 packetstorm1 cvelist2 prion2 htbridge1 exploitdb1 seebug1 cve1