琐事,日常之事:

Web Technology:

CVE-2014-9558 SmartCMS Multiple SQL Injection Security Vulnerability

 

 

Exploit Title: Smartwebsites SmartCMS v.2 Multiple SQL Injection Security Vulnerabilities

Product: SmartCMS v.2

Vendor: Smartwebsites

Vulnerable Versions: v.2

Tested Version: v.2

Advisory Publication: Jan 22, 2015

Latest Update: Jan 22, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) (CWE-89)

CVE Reference: CVE-2014-9558

CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Credit: Wang Jing [MAS, Nanyang Technological University (NTU), Singapore]



http://www.inzeed.com/kaleidoscope/cves/cve-2014-9558-smartcms-multiple-sql-injection-security-vulnerability/


评论
热度(19)
© 點滴的記錄 | Powered by LOFTER