6.5
CVSSv2

CVE-2019-6127

Published: 11/01/2019 Updated: 23/01/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

An issue exists in XiaoCms 20141229. It allows admin/index.php?c=database table[] SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename.

Vulnerability Trend

Affected Products

Vendor Product Versions
XiaocmsXiaocms20141229