CVE-2013-4789

Published: 09/08/2013 Updated: 13/08/2013
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in modules/rss/rss.php in Cotonti prior to 0.9.14 allows remote malicious users to execute arbitrary SQL commands via the "c" parameter to index.php.

Vulnerable Product

cotonti cotonti siena 0.9.7

cotonti cotonti siena 0.9.8

cotonti cotonti siena 0.9.9

cotonti cotonti siena 0.9.0

cotonti cotonti siena 0.9.10

cotonti cotonti siena 0.9.3

cotonti cotonti siena 0.9.5

cotonti cotonti siena 0.9.11

cotonti cotonti siena 0.9.12

cotonti cotonti siena

cotonti cotonti siena 0.9.2

cotonti cotonti siena 0.9.1

cotonti cotonti siena 0.9.4

cotonti cotonti siena 0.9.6

Exploits

Advisory ID: HTB23164
Product: Cotonti
Vendor: Cotonti Team
Vulnerable Version(s): 0.9.13 and probably prior
Tested Version: 0.9.13
Vendor Notification: July 10, 2013
Vendor Patch: July 17, 2013
Public Disclosure: July 31, 2013
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2013-4789
Risk Level: High
CVSSv2 Base Score: 7.5 (AV:N/ ...

Cotonti version 0.9.13 suffers from a remote SQL injection vulnerability ...