Lucene search

[email protected]CVE-2015-4137

HistoryMay 29, 2015 - 2:59 p.m.

CVE-2015-4137

2015-05-2914:59:01

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

milw0rm clone script 1.0

remote attack

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.6%

JSON

SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter.

Affected configurations

NVD

Node

milw0rm_projectmilw0rm_clone_scriptMatch1.0

CPENameOperatorVersion
milw0rm_project:milw0rm_clone_scriptmilw0rm project milw0rm clone scripteq1.0

CPE	Name	Operator	Version
milw0rm_project:milw0rm_clone_script	milw0rm project milw0rm clone script	eq	1.0

References

packetstormsecurity.com/files/131981/Milw0rm-Clone-Script-1.0-SQL-Injection.html

seclists.org/fulldisclosure/2015/May/76

www.securityfocus.com/bid/74745

www.exploit-db.com/exploits/37248/

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.6%

JSON

Related for CVE-2015-4137

cvelist1 nvd1 openvas1 prion1