CVE-2015-1471
Published 2015-02-12
CVE-2015-1471: SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the…
Priority P350 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 3.80% (88.7th percentile)
SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tika | — | — |
| pragyan_cms_project | pragyan_cms | — | — |
CVSS provenance
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_apache · 5.3 · MEDIUM
GHSA
GHSA-7c84-xmm4-5pcv: SQL injection vulnerability in userprofile
ghsa_unreviewed·2022-05-17
CVE-2015-1471 [HIGH] CWE-89 GHSA-7c84-xmm4-5pcv: SQL injection vulnerability in userprofile
Apache
Apache tika: CVE-2015-3271
vendor_apache·CVSS 5.3
CVE-2015-3271 [MEDIUM] Apache tika: CVE-2015-3271
| CVE or Vulnerability | Description | Reporter | Affected Versions |
|---|---|---|---|
|  | Remote Access to host files via tika-server | Tim Allison | 1.9?-1.10 |
| PDFBOX-2811 | Apache PDFBox - Infinite Loop | Andreas Lehmkühler | ?-1.10 |
| PDFBOX-2200 | Apache PDFBox - Slowly building memory leak because of static caching of fonts | Matthew Buckett | ?-1.6 |
| TIKA-1471 | Apache PDFBox - OOM with corrupt PDF | Alan Burlison | ?-1.6 |
| TIKA-788 | Infinite Loop in DWG | Stas Shaposhnikov | ?-1.4? |
| TIKA-1132 | Apache POI - Nearly Infinite Loop in XLS | Ryan Krueger | ?-1.4 |
| TIKA-1179 | Infinite Loop in corrupt MP3 | Marius Dumitru Florea | ?-1.4 |
| TIKA-866 | OOM reading Tika config file | Stephan Mühlstrasser | ?-1.1 |

Third party vulnerabilities that may or may not be triggerable via regular use of Apache Tika.
No detection rules found.
No writeups or analysis indexed.
http://pastebin.com/ip2gGYuS
http://seclists.org/fulldisclosure/2015/Feb/18
http://seclists.org/oss-sec/2015/q1/402
http://sroesemann.blogspot.de/2015/01/sroeadv-2015-11.html
http://sroesemann.blogspot.de/2015/02/advisory-for-sroeadv-2015-11.html
https://github.com/delta/pragyan/commit/c93bc100ec93fc78940fbdca9b6b009101858309
https://github.com/delta/pragyan/issues/206
Published 2015-02-12