ID CVE-2015-7784 Type cve Reporter NVD Modified 2015-12-30T13:20:28
Description
SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin before 1.1 and (2) BbAdminViewsControl plugin before 2.1 for EC-CUBE allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
{"result": {"jvn": [{"id": "JVN:55545372", "type": "jvn", "title": "JVN#55545372: EC-CUBE plugin BbAdminViewsControl vulnerable to SQL injection", "description": "\n ## Description\n\nBbAdminViewsControl from BOKUBLOCK CO., LTD. is an EC-CUBE plugin. BbAdminViewsControl contains an SQL injection vulnerability (CWE-89).\n\n ## Impact\n\nA logged in attacker may execute SQL statements. \nAccording to the developer, this vulnerability affects availability of the server that EC-CUBE resides, but information in the database can not be obtained or altered.\n\n ## Solution\n\n**Do not use BbAdminViewsControl** \nPlease stop use of BbAdminViewsControl. \nThe developer has stopped distributing the product.\n\n ## Products Affected\n\n * BbAdminViewsControl213 Ver1.0 and earlier\n * BbAdminViewsControl Ver2.0 and earlier\n", "published": "2015-12-03T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://jvn.jp/en/jp/JVN55545372/index.html", "cvelist": ["CVE-2015-7784"], "lastseen": "2017-03-23T17:09:43"}]}}
