Sefrengo SQL Injection Vulnerability

Sefrengo is an open source web content management system CMS based on PHP and MySql. The system supports WYSIWYG editors, image uploads and more. A SQL injection vulnerability exists in versions of Sefrengo prior to 1.6.5 beta2. A remote attacker can exploit this vulnerability to execute arbitrar...

Sefrengo CMS 1.6.1 - Multiple SQL Injection Vulnerabilities

Sefrengo CMS version 1.6.1 suffers from multiple remote SQL injection vulnerabilities. Exploit Title: Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities Google Dork: N/A Date: 01/26/2015 Exploit Author: Nguyen Hung Tuan email protected & ITAS Team www.itas.vn Vendor Homepage:...

Sefrengo CMS 1.6.1 - Multiple SQL Injections

Sefrengo CMS 1.6.1 - Multiple SQL Injections Exploit Title: Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities Google Dork: N/A Date: 01/26/2015 Exploit Author: Nguyen Hung Tuan [email protected] & ITAS Team www.itas.vn Vendor Homepage: http://www.sefrengo.org/ Software Link:...

Sefrengo CMS 1.6.1 - Multiple SQL Injections

Exploit Title: Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities Google Dork: N/A Date: 01/26/2015 Exploit Author: Nguyen Hung Tuan [email protected] & ITAS Team www.itas.vn Vendor Homepage: http://www.sefrengo.org/ Software Link: http://forum.sefrengo.org/index.php?showtopic=3368...

Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities

Exploit Title: Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities Vendor: http://www.sefrengo.org/ Download link: http://forum.sefrengo.org/index.php?showtopic=3368 https://github.com/sefrengo-cms/sefrengo-1.x/tree/22c0d16bfd715631ed317cc99 0785ccede478f07 CVE ID: CVE-2015-1428...

Sefrengo CMS 1.6.1 SQL Injection

Exploit Title: Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities Google Dork: N/A Date: 01/26/2015 Exploit Author: Nguyen Hung Tuan [email protected] & ITAS Team www.itas.vn Vendor Homepage: http://www.sefrengo.org/ Software Link: http://forum.sefrengo.org/index.php?showtopic=3368...

Multiple SQL Injection Vulnerabilities in Sefrengo CMS 'main.php'

Sefrengo CMS is an open source content management system. Sefrengo CMS 'main.php' has multiple SQL injection vulnerabilities due to the application failing to properly filter user-supplied input. This allows an attacker to steal cookie-based credentials, compromise the application, and access or...

Sefrengo CMS 1.6.0 Cross Site Scripting / SQL Injection Vulnerabilities

Sefrengo CMS version 1.6.0 suffers from a cross site scripting and SQL Injection Vulnerabilities Author: Steffen Rösemann Affected Software: CMS Sefrengo v.1.6.0 Release-Date: 18th-Feb-2014 Vendor URL: http://www.sefrengo.org/start/start.html Vendor Status: fixed CVE-ID: -...

Sefrengo CMS 1.6.0 - SQL Injection

Sefrengo CMS 1.6.0 - SQL Injection Advisory: SQL-Injection in administrative Backend of Sefrengo CMS v.1.6.0 Advisory ID: SROEADV-2015-04 Author: Steffen Rösemann Affected Software: CMS Sefrengo v.1.6.0 Release-Date: 18th-Feb-2014 Vendor URL: http://www.sefrengo.org/start/start.html Vendor Status...

Sefrengo CMS 1.6.0 - SQL Injection

Advisory: SQL-Injection in administrative Backend of Sefrengo CMS v.1.6.0 Advisory ID: SROEADV-2015-04 Author: Steffen Rösemann Affected Software: CMS Sefrengo v.1.6.0 Release-Date: 18th-Feb-2014 Vendor URL: http://www.sefrengo.org/start/start.html Vendor Status: fixed CVE-ID: -...

Sefrengo CMS 'main.php' Cross-Site Scripting Vulnerability

Sefrengo CMS is an open source content management system. A cross-site scripting vulnerability exists in Sefrengo CMS 'main.php' due to the application failing to properly filter user-supplied input. This allows an attacker to steal cookie-based credentials, compromise the application, and access...

Sefrengo CMS 1.6.0 Cross Site Scripting

Advisory: Reflecting XSS vulnerability in CMS Sefrengo v.1.6.0 Advisory ID: SROEADV-2014-06 Author: Steffen Rösemann Affected Software: CMS Sefrengo v.1.6.0 Vendor URL: http://www.sefrengo.org/ Vendor Status: solved CVE-ID: - ========================== Vulnerability Description:...

Sefrengo CMS 1.6.0 SQL Injection

Advisory: SQL-Injection in administrative Backend of Sefrengo CMS v.1.6.0 Advisory ID: SROEADV-2015-04 Author: Steffen Rösemann Affected Software: CMS Sefrengo v.1.6.0 Release-Date: 18th-Feb-2014 Vendor URL: http://www.sefrengo.org/start/start.html Vendor Status: fixed CVE-ID: -...