Lucene search

[email protected]CVE-2015-1576

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2015-1576

2022-10-0316:15:51

CWE-89

[email protected]

web.nvd.nist.gov

cve

sql injection

u5cms

vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.5%

JSON

Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.php, (5) new2.php, or (6) rename2.php in u5admin/; (7) c parameter to u5admin/editor.php; (8) typ parameter to u5admin/meta2.php; or (9) newname parameter to u5admin/rename2.php.

Affected configurations

NVD

Node

yubau5cmsRange≤3.9.3

CPENameOperatorVersion
yuba:u5cmsyuba u5cmsle3.9.3

CPE	Name	Operator	Version
yuba:u5cms	yuba u5cms	le	3.9.3

References

packetstormsecurity.com/files/130326/u5CMS-3.9.3-SQL-Injection.html

www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5225.php

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.5%

JSON

Related for CVE-2015-1576

prion1 nvd1 cvelist1 zeroscience1 kaspersky1