5 matches found
CVE-2015-1428
Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow 1 remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or 2 remote authenticated users to execute arbitrary SQL commands via the valueid parameter in a savevalue action to...
CVE-2015-1428
Sefrengo CMS (before 1.6.2) has multiple SQL injection vulnerabilities. Exploitable via cookies (sefrengo cookie during login to backend/main.php) or via value_id in a save_value action to backend/main.php; vulnerable code paths include /backend/external/phplib/ct_sql.inc and /backend/inc/class.v...
Sefrengo CMS 1.6.1 - Multiple SQL Injection Vulnerabilities
Sefrengo CMS version 1.6.1 suffers from multiple remote SQL injection vulnerabilities. Exploit Title: Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities Google Dork: N/A Date: 01/26/2015 Exploit Author: Nguyen Hung Tuan email protected & ITAS Team www.itas.vn Vendor Homepage:...
Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities
Exploit Title: Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities Vendor: http://www.sefrengo.org/ Download link: http://forum.sefrengo.org/index.php?showtopic=3368 https://github.com/sefrengo-cms/sefrengo-1.x/tree/22c0d16bfd715631ed317cc99 0785ccede478f07 CVE ID: CVE-2015-1428...
Sefrengo CMS 1.6.1 - Multiple SQL Injections
Sefrengo CMS 1.6.1 - Multiple SQL Injections Exploit Title: Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities Google Dork: N/A Date: 01/26/2015 Exploit Author: Nguyen Hung Tuan [email protected] & ITAS Team www.itas.vn Vendor Homepage: http://www.sefrengo.org/ Software Link:...