4 matches found
CVE-2015-5617
CVE-2015-5617 describes a SQL injection in Enorth Webpublisher CMS via /pub/m_pending_news/delete_pending_news.jsp. The parameter cbNewsId is read and used in a SQL DELETE built by PendingNewsBean.deletePendingNews, concatenating IDs into an IN clause without sufficient validation. A remote attac...
Enorth Webpublisher CMS SQL Injection from delete_pending_news.jsp
Title:CVE-2015-5617Enorth Webpublisher CMS SQL Injection from deletependingnews.jsp cbNewsidVendor:http://products.enorth.com.cn/bfnrglxt/index.shtmlEnorth Webpublisher CMS so far of the scale of tens of thousands of web sites, with the government, enterprises, scientific research and education a...
Enorth Webpublisher CMS SQL Injection Vulnerability
Enorth Webpublisher CMS suffers from a remote SQL injection vulnerability. Title: ==== CVE-2015-5617Enorth Webpublisher CMS SQL Injection from deletependingnews.jsp cbNewsid Vendor: ====== http://products.enorth.com.cn/bfnrglxt/index.shtml Enorth Webpublisher CMS so far of the scale of tens of...
Enorth Webpublisher CMS SQL Injection
Title: ==== CVE-2015-5617Enorth Webpublisher CMS SQL Injection from deletependingnews.jsp cbNewsid Vendor: ====== http://products.enorth.com.cn/bfnrglxt/index.shtml Enorth Webpublisher CMS so far of the scale of tens of thousands of web sites, with the government, enterprises, scientific research...