2 matches found
CVE-2015-8355
The CVE-2015-8355 entry concerns the orion.extfeedbackform Bitrix module, specifically versions before 2.1.3. The vulnerability is SQL injection in the admin/orion.extfeedbackform_efbf_forms.php script, exploitable via the GET parameters order and by; an authenticated user could execute arbitrary...
orion.extfeedbackform Bitrix Module 2.1.2 CSRF / SQL Injection
Advisory ID: HTB23280 Product: orion.extfeedbackform Bitrix module Vendor: www.orion-soft.ru Vulnerable Versions: 2.1.2 and probably prior Tested Version: 2.1.2 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Vendor Patch: December 11, 2015...