Published: 14/11/2013 Updated: 29/08/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in appRain CMF 3.0.2 and previous versions allows remote malicious users to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apprain apprain 0.2.1.1
apprain apprain 0.1.5
apprain apprain 0.1.4
apprain apprain 0.1.3
apprain apprain 0.1.2
apprain apprain 0.1.1
apprain apprain
apprain apprain 3.0.1
apprain apprain 0.1.0

Advisory ID: HTB23177 Product: appRain Vendor: appRain Vulnerable Version(s): 302 and probably prior Tested Version: 302 Advisory Publication: October 9, 2013 [without technical details] Vendor Notification: October 9, 2013 Public Disclosure: November 6, 2013 Vulnerability Type: SQL Injection [CWE-89] CVE Reference: CVE-2013-6058 Risk Level ...

appRain version 302 suffers from a remote SQL injection vulnerability ...

CWE-89 http://packetstormsecurity.com/files/123929 http://www.exploit-db.com/exploits/29514 https://www.htbridge.com/advisory/HTB23177 http://archives.neohapsis.com/archives/bugtraq/2013-11/0026.html http://www.securityfocus.com/bid/62937 https://exchange.xforce.ibmcloud.com/vulnerabilities/88581 https://nvd.nist.gov https://www.exploit-db.com/exploits/29514/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-6058

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect