CVE-2015-7999 — SQL Injection in Citrix Command Center

CWE-89 — SQL Injection5 documents4 sources

Severity

8.1HIGHNVD

EPSS

0.5%

top 35.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Command Center Citrix ADM Citrix Hypervisor +5 more

Timeline

PublishedApr 14

Latest updateMay 14

Description

Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages8 packages

▶NVDcitrix/command_center5.1, 5.2+1

▶citrixcitrix/xenserver

▶citrixcitrix/citrix_adm

▶citrixcitrix/netscaler_adc

▶citrixcitrix/citrix_hypervisor

🔴Vulnerability Details

GHSA

GHSA-4rq8-fqpc-3h6r: Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5↗2022-05-14

▶

💥Exploits & PoCs

Exploit-DB

WordPress Plugin church_admin 0.800 - Persistent Cross-Site Scripting↗2015-05-26

▶

📋Vendor Advisories

Citrix

CVE-2015-7999: Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11↗2016-04-14

▶

Citrix

Citrix Security Bulletin CTX203787↗

▶