
CVE-2015-1428

Published: 03/02/2015 Updated: 09/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple SQL injection vulnerabilities in Sefrengo prior to 1.6.2 allow (1) remote malicious users to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authenticated users to execute arbitrary SQL commands via the value_id parameter in a save_value action to backend/main.php.

Vulnerable Product

sefrengo sefrengo

Exploits

# Exploit Title: Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities
# Google Dork: N/A
# Date: 01/26/2015
# Exploit Author: Nguyen Hung Tuan (tuanhnguyen@itas.vn) & ITAS Team (www.itas.vn)
# Vendor Homepage: www.sefrengo.org/
# Software Link: forum.sefrengo.org/index.php?showtopic=3368 (github.com/sefrengo-cm ...

Sefrengo CMS version 1.6.1 suffers from multiple remote SQL injection vulnerabilities ...