CVE-2014-7871
published 2014-11-21CVE-2014-7871: SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute…
PriorityP336medium6.5CVSS 2.0
AVNACLAuSCPIPAP
EPSS
1.65%
73.5th percentile
SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-xchange | open-xchange_appsuite | <= 7.4.2 | — |
| open-xchange | open-xchange_appsuite | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/129020/OX-App-Suite-7.6.0-SQL-Injection.htmlhttp://www.securityfocus.com/archive/1/533936/100/0/threadedhttp://www.securityfocus.com/bid/70982https://exchange.xforce.ibmcloud.com/vulnerabilities/98563http://packetstormsecurity.com/files/129020/OX-App-Suite-7.6.0-SQL-Injection.htmlhttp://www.securityfocus.com/archive/1/533936/100/0/threadedhttp://www.securityfocus.com/bid/70982https://exchange.xforce.ibmcloud.com/vulnerabilities/98563
2014-11-21
Published