CVE-2015-2564
Published 2015-03-20
Priority: P341 · medium · 6.5 (CVSS 2.0)
AV:N/AC:L/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 3.13% (86.2th percentile)
SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| projectsend | projectsend | — | — |
CVSS provenance
nvd · v2.0 · 6.5 · MEDIUM · AV:N/AC:L/Au:S/C:P/I:P/A:P
vendor_redhat · 7.6 · HIGH
GHSA
GHSA-p6mv-98h5-3r5j: SQL injection vulnerability in client-edit
ghsa_unreviewed·2022-05-14
CVE-2015-2564 [MEDIUM] CWE-89 GHSA-p6mv-98h5-3r5j: SQL injection vulnerability in client-edit
Red Hat
chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6
vendor_redhat·2016-01-24·CVSS 7.6
CVE-2016-2052 [HIGH] chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6
Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947.
Package: harfbuzz (Red Hat Enterprise Linux 7) - Will not fix
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/show/osvdb/119169
http://packetstormsecurity.com/files/130691/ProjectSend-r561-SQL-Injection.html
http://seclists.org/fulldisclosure/2015/Mar/30
http://www.exploit-db.com/exploits/36303
http://www.itas.vn/news/itas-team-found-out-a-SQL-Injection-vulnerability-in-projectsend-r561-76.html
http://www.securityfocus.com/archive/1/534832/100/0/threaded
Published: 2015-03-20