CVE-2014-2303
published 2014-06-13CVE-2014-2303: Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow…
PriorityP350high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.57%
83.2th percentile
Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| webedition | webedition_cms | — | — |
| webedition | webedition_cms | — | — |
| webedition | webedition_cms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.htmlhttp://seclists.org/fulldisclosure/2014/May/148http://www.securityfocus.com/archive/1/532231/100/0/threadedhttp://www.securityfocus.com/bid/67689http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlichthttps://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browserhttp://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.htmlhttp://seclists.org/fulldisclosure/2014/May/148http://www.securityfocus.com/archive/1/532231/100/0/threadedhttp://www.securityfocus.com/bid/67689http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlichthttps://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser
2014-06-13
Published