Japan Vulnerability Notes | JVN:52478686
Jun 09, 2015 - 12:00 a.m.

JVN#52478686: MilkyStep vulnerable to SQL injection

jvn.jp

CVSS2: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

EPSS: 0.001 (Percentile: 50.0%)

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a SQL injection vulnerability (CWE-89).

Impact

An attacker who can access the product may execute an arbitrary SQL command.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Products Affected

  • MilkyStep Light Ver0.94 and earlier
  • MilkyStep Professional Ver1.82 and earlier
  • MilkyStep Professional OEM Ver1.82 and earlier
