9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:P/I:P/A:C
0.015 Low
EPSS
Percentile
86.8%
Ecava IntegraXor versions prior to 4.2.4458 contain multiple vulnerabilities:
IntegraXor contains a security bypass vulnerability that allows the guest user to execute SQL SELECT queries and upload potentially malicious files. (CVE-2014-0786)
IntegraXor allows remote attackers to read or write arbitrary files, obtain sensitive information or cause a denial of service (disk consumption) via the CSV export feature. (CVE-2014-2375)
IntegraXor contains an SQL injection vulnerability that an attacker could use to read arbitrary files from the server, connect to other SQL databases, and read data from tables that are normally restricted. An attacker could cause a denial of service by using specially crafted SQL queries or could manipulate data within the tables. (CVE-2014-2376)
IntegraXor uses built-in application tags. These application tags disclose information that could be used to identify full path names of files, which can be leveraged with the SQL injection vulnerability. (CVE-2014-2377)
Binary data 8400.prm
Vendor | Product | Version | CPE |
---|---|---|---|
ecava | integraxor | cpe:/a:ecava:integraxor |