Lucene search

[email protected]CVE-2015-6516

HistoryAug 18, 2015 - 3:59 p.m.

CVE-2015-6516

2015-08-1815:59:17

CWE-89

[email protected]

web.nvd.nist.gov

cve-2015-6516

sql injection

cygnux.org

syspass

ajax_search.php

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

44.4%

JSON

SQL injection vulnerability in cygnux.org sysPass 1.0.9 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter to ajax/ajax_search.php.

Affected configurations

NVD

Node

cygnuxsyspassRange≤1.0.9

CPENameOperatorVersion
cygnux:syspasscygnux syspassle1.0.9

CPE	Name	Operator	Version
cygnux:syspass	cygnux syspass	le	1.0.9

References

packetstormsecurity.com/files/132672/sysPass-1.0.9-SQL-Injection.html

www.securityfocus.com/archive/1/535989/100/0/threaded

www.exploit-db.com/exploits/37610/

www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-031.txt

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

44.4%

JSON

Related for CVE-2015-6516

nvd1 prion1 cvelist1