CVE-2015-6512
published 2015-08-18
CVE-2015-6512: SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote attackers to execute arbitrary…
Priority P3 · 39 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS 2.55% · 83.1th percentile
SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote attackers to execute arbitrary SQL commands via the time parameter to server/freichat.php.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codelogic | freichat | — | — |
| perl | perl | >= 0 < 5.18.2-2ubuntu1.4 | 5.18.2-2ubuntu1.4 |
| perl | perl | >= 0 < 5.22.1-9ubuntu0.3 | 5.22.1-9ubuntu0.3 |
CVSS provenance
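| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 7.5 | HIGH | — |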
GHSA
ghsa_unreviewed·2022-05-17
CVE-2015-6512 [MEDIUM] CWE-89 GHSA-q7g5-m6wc-m8m7: SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom
OSV
perl vulnerabilities
osv·2018-04-16·CVSS 7.5
CVE-2015-8853 perl vulnerabilities
It was discovered that Perl incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause Perl to hang, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8853)
It was discovered that Perl incorrectly loaded libraries from the current working directory. A local attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6185)
It was discovered that Perl incorrectly handled the rmtree and remove_tree functions. A local attacker could possibly use this issue to set the mode on arbitrary files. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-6512)
Brian Carpenter discovered that Perl incorre
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/132673/FreiChat-9.6-SQL-Injection.html
http://security.szurek.pl/freichat-96-sql-injection.html
https://www.exploit-db.com/exploits/37592/
Published: 2015-08-18