Back to search
CVE-2015-1428
Published: Feb 3, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authenticated users to execute arbitrary SQL commands via the value_id parameter in a save_value action to backend/main.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
35972
exploit
x_refsource_EXPLOIT-DB
20150202 Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now