Lucene search

MitreCVE-2015-1434

HistoryFeb 16, 2015 - 3:59 p.m.

CVE-2015-1434

2015-02-1615:59:04

CWE-89

mitre

web.nvd.nist.gov

cve-2015-1434

sql injection

remote code execution

security vulnerability

my little forum

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

8.5

Confidence

Low

EPSS

0.01

Percentile

83.9%

JSON

Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php.

Affected configurations

Nvd

Node

mylittleforummy_little_forumRange≤2.3.3

VendorProductVersionCPE
mylittleforummy_little_forum*cpe:2.3:a:mylittleforum:my_little_forum:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mylittleforum	my_little_forum	*	cpe:2.3:a:mylittleforum:my_little_forum::::::::

References

mylittleforum.net/forum/index.php?id=8182

packetstormsecurity.com/files/130356/My-Little-Forum-2.3.3-Cross-Site-Scripting-SQL-Injection.html

www.securityfocus.com/archive/1/534681/100/0/threaded

www.securityfocus.com/bid/72575

exchange.xforce.ibmcloud.com/vulnerabilities/100855

www.htbridge.com/advisory/HTB23248

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

8.5

Confidence

Low

EPSS

0.01

Percentile

83.9%

JSON

Related for CVE-2015-1434