ID CVE-2015-7784 Type cve Reporter NVD Modified 2015-12-30T13:20:28
Description
SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin before 1.1 and (2) BbAdminViewsControl plugin before 2.1 for EC-CUBE allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
{"jvn": [{"lastseen": "2018-08-31T00:36:13", "references": [], "description": "\n ## Description\n\nBbAdminViewsControl from BOKUBLOCK CO., LTD. is an EC-CUBE plugin. BbAdminViewsControl contains an SQL injection vulnerability (CWE-89).\n\n ## Impact\n\nA logged in attacker may execute SQL statements. \nAccording to the developer, this vulnerability affects availability of the server that EC-CUBE resides, but information in the database can not be obtained or altered.\n\n ## Solution\n\n**Do not use BbAdminViewsControl** \nPlease stop use of BbAdminViewsControl. \nThe developer has stopped distributing the product.\n\n ## Products Affected\n\n * BbAdminViewsControl213 Ver1.0 and earlier\n * BbAdminViewsControl Ver2.0 and earlier\n", "edition": 3, "reporter": "Japan Vulnerability Notes", "published": "2015-12-03T00:00:00", "title": "JVN#55545372: EC-CUBE plugin BbAdminViewsControl vulnerable to SQL injection", "type": "jvn", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2015-7784"], "modified": "2016-07-07T00:00:00", "id": "JVN:55545372", "href": "http://jvn.jp/en/jp/JVN55545372/index.html", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}]}
