QwikSec

Security Database

CVE

CWE

Training

CVE-2015-1442

Published: Feb 6, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a Modify Account action. NOTE: The article_id parameter to zero_view_article.php vector is already covered by CVE-2014-4034.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://packetstormsecurity.com/files/130192/ZeroCMS-1.3.3-SQL-Injection.html

x_refsource_MISC

[oss-security] 20150201 CVE-Request -- Zerocms <= v. 1.3.3 -- SQL injection vulnerabilities

mailing-list

x_refsource_MLIST

http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-14.html

x_refsource_MISC

http://sroesemann.blogspot.de/2015/01/sroeadv-2015-13.html

x_refsource_MISC

[oss-security] 20150201 Re: CVE-Request -- Zerocms <= v. 1.3.3 -- SQL injection vulnerabilities

mailing-list

x_refsource_MLIST

20150201 SQL injection vulnerabilities in zerocms <= v.1.3.3

mailing-list

x_refsource_FULLDISC

http://sroesemann.blogspot.de/2015/02/addition-for-advisory-sroeadv-2015-14.html

x_refsource_MISC

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.