Search criteria
4 vulnerabilities by sefrengo
CVE-2015-5052 (GCVE-0-2015-5052)
Vulnerability from cvelistv5 – Published: 2017-09-07 20:00 – Updated: 2024-08-06 06:32
VLAI?
Summary
SQL injection vulnerability in Sefrengo before 1.6.5 beta2.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:32.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.sefrengo.org/index.php?showtopic=3399"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Sefrengo before 1.6.5 beta2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.sefrengo.org/index.php?showtopic=3399"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Sefrengo before 1.6.5 beta2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forum.sefrengo.org/index.php?showtopic=3399",
"refsource": "CONFIRM",
"url": "http://forum.sefrengo.org/index.php?showtopic=3399"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5052",
"datePublished": "2017-09-07T20:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:32.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1428 (GCVE-0-2015-1428)
Vulnerability from cvelistv5 – Published: 2015-02-03 16:00 – Updated: 2024-08-06 04:40
VLAI?
Summary
Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authenticated users to execute arbitrary SQL commands via the value_id parameter in a save_value action to backend/main.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35972",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/35972"
},
{
"name": "20150202 Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534593/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.itas.vn/news/itas-team-found-out-multiple-sql-injection-vulnerabilities-in-sefrengo-cms-v1-6-1-74.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sefrengo-cms/sefrengo-1.x/commit/0b1edd4b22a47743eff7cfaf884ba2a4e06e15eb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sefrengo-cms/sefrengo-1.x/commit/22c0d16bfd715631ed317cc990785ccede478f07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authenticated users to execute arbitrary SQL commands via the value_id parameter in a save_value action to backend/main.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35972",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/35972"
},
{
"name": "20150202 Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534593/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.itas.vn/news/itas-team-found-out-multiple-sql-injection-vulnerabilities-in-sefrengo-cms-v1-6-1-74.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sefrengo-cms/sefrengo-1.x/commit/0b1edd4b22a47743eff7cfaf884ba2a4e06e15eb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sefrengo-cms/sefrengo-1.x/commit/22c0d16bfd715631ed317cc990785ccede478f07"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authenticated users to execute arbitrary SQL commands via the value_id parameter in a save_value action to backend/main.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35972",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35972"
},
{
"name": "20150202 Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534593/100/0/threaded"
},
{
"name": "http://www.itas.vn/news/itas-team-found-out-multiple-sql-injection-vulnerabilities-in-sefrengo-cms-v1-6-1-74.html",
"refsource": "MISC",
"url": "http://www.itas.vn/news/itas-team-found-out-multiple-sql-injection-vulnerabilities-in-sefrengo-cms-v1-6-1-74.html"
},
{
"name": "https://github.com/sefrengo-cms/sefrengo-1.x/commit/0b1edd4b22a47743eff7cfaf884ba2a4e06e15eb",
"refsource": "MISC",
"url": "https://github.com/sefrengo-cms/sefrengo-1.x/commit/0b1edd4b22a47743eff7cfaf884ba2a4e06e15eb"
},
{
"name": "https://github.com/sefrengo-cms/sefrengo-1.x/commit/22c0d16bfd715631ed317cc990785ccede478f07",
"refsource": "MISC",
"url": "https://github.com/sefrengo-cms/sefrengo-1.x/commit/22c0d16bfd715631ed317cc990785ccede478f07"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1428",
"datePublished": "2015-02-03T16:00:00",
"dateReserved": "2015-01-31T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0918 (GCVE-0-2015-0918)
Vulnerability from cvelistv5 – Published: 2015-01-08 15:00 – Updated: 2024-09-16 22:03
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150106 Reflecting XSS vulnerability in CMS Sefrengo v.1.6.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-06.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129825/Sefrengo-CMS-1.6.0-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.sefrengo.org/index.php?showtopic=3360"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-01-08T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20150106 Reflecting XSS vulnerability in CMS Sefrengo v.1.6.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-06.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129825/Sefrengo-CMS-1.6.0-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.sefrengo.org/index.php?showtopic=3360"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-0918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150106 Reflecting XSS vulnerability in CMS Sefrengo v.1.6.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/10"
},
{
"name": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-06.html",
"refsource": "MISC",
"url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-06.html"
},
{
"name": "http://packetstormsecurity.com/files/129825/Sefrengo-CMS-1.6.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129825/Sefrengo-CMS-1.6.0-Cross-Site-Scripting.html"
},
{
"name": "http://forum.sefrengo.org/index.php?showtopic=3360",
"refsource": "CONFIRM",
"url": "http://forum.sefrengo.org/index.php?showtopic=3360"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-0918",
"datePublished": "2015-01-08T15:00:00Z",
"dateReserved": "2015-01-08T00:00:00Z",
"dateUpdated": "2024-09-16T22:03:19.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0919 (GCVE-0-2015-0919)
Vulnerability from cvelistv5 – Published: 2015-01-08 15:00 – Updated: 2024-09-17 01:11
VLAI?
Summary
Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150106 SQL-Injection in administrative Backend of Sefrengo CMS v.1.6.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129824/Sefrengo-CMS-1.6.0-SQL-Injection.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-04.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.sefrengo.org/index.php?showtopic=3360"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-01-08T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20150106 SQL-Injection in administrative Backend of Sefrengo CMS v.1.6.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129824/Sefrengo-CMS-1.6.0-SQL-Injection.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-04.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.sefrengo.org/index.php?showtopic=3360"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-0919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150106 SQL-Injection in administrative Backend of Sefrengo CMS v.1.6.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/9"
},
{
"name": "http://packetstormsecurity.com/files/129824/Sefrengo-CMS-1.6.0-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129824/Sefrengo-CMS-1.6.0-SQL-Injection.html"
},
{
"name": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-04.html",
"refsource": "MISC",
"url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-04.html"
},
{
"name": "http://forum.sefrengo.org/index.php?showtopic=3360",
"refsource": "CONFIRM",
"url": "http://forum.sefrengo.org/index.php?showtopic=3360"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-0919",
"datePublished": "2015-01-08T15:00:00Z",
"dateReserved": "2015-01-08T00:00:00Z",
"dateUpdated": "2024-09-17T01:11:11.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}