5 matches found
SQL Injection in Е2
Advisory ID: HTB23222 Product: Е2 Vendor: Ilya Birman Vulnerable Versions: v2844 and probably prior Tested Version: v2844 Advisory Publication: July 2, 2014 without technical details Vendor Notification: July 2, 2014 Vendor Patch: July 3, 2014 Public Disclosure: July 23, 2014 Vulnerability Type:...
CVE-2014-4736
CVE-2014-4736 describes an SQL injection in E2 before 2.4 (2845) via the note-id parameter to /@actions/comment-process. The root cause is insufficient input sanitization, allowing remote attackers to inject arbitrary SQL commands, potentially adding/modifying/deleting records or gaining site acc...
E2 2844 SQL Injection Vulnerability
E2 version 2844 suffers from a remote SQL injection vulnerability. Product: Е2 Vendor: Ilya Birman Vulnerable Versions: v2844 and probably prior Tested Version: v2844 Advisory Publication: July 2, 2014 without technical details Vendor Notification: July 2, 2014 Vendor Patch: July 3, 2014 Public...
E2 2844 SQL Injection
Advisory ID: HTB23222 Product: Е2 Vendor: Ilya Birman Vulnerable Versions: v2844 and probably prior Tested Version: v2844 Advisory Publication: July 2, 2014 without technical details Vendor Notification: July 2, 2014 Vendor Patch: July 3, 2014 Public Disclosure: July 23, 2014 Vulnerability Type:...
CVE-2014-4736
creationtimestamp| type| source ---|---|--- 2014-07-23 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39267...