SQL Injection Vulnerabilities in webEdition CMS by webEdition
CVE-2014-2303

Currently unrated

Key Information:

Vendor: Webedition
Status: Webedition Cms
Vendor: CVE Published:; 13 June 2014

What is CVE-2014-2303?

Multiple SQL injection vulnerabilities exist in the file browser component of webEdition CMS prior to version 6.2.7-s1.2 and from 6.3.0 to 6.3.8. These vulnerabilities allow remote attackers to execute arbitrary SQL commands via manipulated parameters (specifically, the table or order parameter). Successful exploitation could grant attackers access to sensitive data or system alterations, necessitating immediate remediation for affected versions.

References

http://www.securityfocus.com/archive/1/532231/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://packetstormsecurity.com/files/126862/webEdition-CM...

x_refsource_MISC

http://seclists.org/fulldisclosure/2014/May/148

mailing-listx_refsource_FULLDISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 13, 2014
Vulnerability Reserved
Mar 6, 2014

JSON

Webedition

What is CVE-2014-2303?

References

Timeline