Search...

CVE-2015-7784

2015-12-30T00:59:07

ID CVE-2015-7784
Type cve
Reporter NVD
Modified 2015-12-30T13:20:28

Description

SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin before 1.1 and (2) BbAdminViewsControl plugin before 2.1 for EC-CUBE allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

JSON Vulners Source

Initial Source

{"reporter": "NVD", "enchantments": {"vulnersScore": 7.5}, "published": "2015-12-30T00:59:07", "cvelist": ["CVE-2015-7784"], "title": "CVE-2015-7784", "objectVersion": "1.2", "type": "cve", "hash": "73ace9884b0495057ac441a7c135999fc1d6b54eaf6d45195f9df103fe5c2ee4", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7784", "bulletinFamily": "NVD", "id": "CVE-2015-7784", "history": [], "scanner": [], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "modified": "2015-12-30T13:20:28", "viewCount": 0, "cpe": ["cpe:/a:bokublock:bbadminviewscontrol:2.0::~~~ec-cube~~", "cpe:/a:bokublock:bbadminviewscontrol213:1.0::~~~ec-cube~~"], "edition": 1, "description": "SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin before 1.1 and (2) BbAdminViewsControl plugin before 2.1 for EC-CUBE allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.", "references": ["http://jvn.jp/en/jp/JVN55545372/index.html", "http://www.ec-cube.net/products/detail.php?product_id=288", "http://www.ec-cube.net/products/detail.php?product_id=781", "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000190"], "lastseen": "2016-09-03T23:19:09", "assessment": {"system": "", "name": "", "href": ""}}

{"result": {"jvn": [{"id": "JVN:55545372", "type": "jvn", "title": "JVN#55545372: EC-CUBE plugin BbAdminViewsControl vulnerable to SQL injection", "description": "\n ## Description\n\nBbAdminViewsControl from BOKUBLOCK CO., LTD. is an EC-CUBE plugin. BbAdminViewsControl contains an SQL injection vulnerability (CWE-89).\n\n ## Impact\n\nA logged in attacker may execute SQL statements. \nAccording to the developer, this vulnerability affects availability of the server that EC-CUBE resides, but information in the database can not be obtained or altered.\n\n ## Solution\n\n**Do not use BbAdminViewsControl** \nPlease stop use of BbAdminViewsControl. \nThe developer has stopped distributing the product.\n\n ## Products Affected\n\n * BbAdminViewsControl213 Ver1.0 and earlier\n * BbAdminViewsControl Ver2.0 and earlier\n", "published": "2015-12-03T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://jvn.jp/en/jp/JVN55545372/index.html", "cvelist": ["CVE-2015-7784"], "lastseen": "2017-03-23T17:09:43"}]}}