CVE-2015-2242 – Webshop hun v1.062S SQL Injection Web Security Vulnerabilities


computer pitch

computer_virus_low_frame_rates_vfxg

CVE-2015-2242 – Webshop hun v1.062S SQL Injection Web Security Vulnerabilities

Exploit Title: CVE-2015-2242 Webshop hun v1.062S /index.php Multiple Parameters SQL Injection Web Security Vulnerabilities

Product: Webshop hun

Vendor: Webshop hun

Vulnerable Versions: v1.062S

Tested Version: v1.062S

Advisory Publication: Mar 04, 2015

Latest Update: Mar 04, 2015

Vulnerability Type: Improper Control of Generation of Code (‘Code Injection’) [CWE-94]

CVE Reference: CVE-2015-2242

CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

Report and Credit: Wang Jing [School of Mathematical Sciences (001), University of Science and Technology of China (USTC)] (@justqdjing)

Persuasion Details:

(1) Vendor & Product Description:

Vendor:

Webshop hun

Product & Version:

Webshop hun

v1.062S

Vendor URL & Download:

Webshop…

View original post 339 more words

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s