Lucene search

MitreCVE-2014-5275

HistoryOct 20, 2014 - 4:55 p.m.

CVE-2014-5275

2014-10-2016:55:09

CWE-89

mitre

web.nvd.nist.gov

cve-2014-5275

sql injection

pro chat rooms

text chat rooms

security vulnerability

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

8.3

Confidence

Low

EPSS

0.003

Percentile

69.5%

JSON

Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter.

Affected configurations

Nvd

Node

prochatroomstext_chat_roomsMatch8.2.0

VendorProductVersionCPE
prochatroomstext_chat_rooms8.2.0cpe:2.3:a:prochatrooms:text_chat_rooms:8.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
prochatrooms	text_chat_rooms	8.2.0	cpe:2.3:a:prochatrooms:text_chat_rooms:8.2.0:::::::*

References

archives.neohapsis.com/archives/bugtraq/2014-08/0026.html

packetstormsecurity.com/files/127775/Pro-Chat-Rooms-8.2.0-XSS-Shell-Upload-SQL-Injection.html

www.exploit-db.com/exploits/34275

www.osvdb.org/109829

exchange.xforce.ibmcloud.com/vulnerabilities/95127

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

8.3

Confidence

Low

EPSS

0.003

Percentile

69.5%

JSON

Related for CVE-2014-5275