Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-4669 - SQL Injection in Xsuite

CWE-89 - SQL Injection | 4 documents | 4 sources
Severity
7.8 HIGH (NVD)
EPSS
0.2%
top 52.09%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Sep 25
Latest update: May 14

Description

The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (1 package)

NVD: xceedium/xsuite 2.3.0, 2.4.3.0 +1

Vulnerability Details (2)
GHSA
GHSA-5738-w455-jqx4: The MySQL "root" user in Xsuite 2 (2022-05-14)
CVEList
CVE-2015-4669: The MySQL "root" user in Xsuite 2 (2017-09-25)

Exploits & PoCs (1)
Exploit-DB
Xceedium Xsuite - Multiple Vulnerabilities (2015-07-27)
CVE-2015-4669 - SQL Injection in Xceedium Xsuite | cvebase