CVE-2016-9333

9.8CRITICAL

Key Information:

Vendor: Moxa
Status: Moxa Softcms Prior To Version 1.6
Vendor: CVE Published:; 13 February 2017

Summary

An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input that may allow a remote attacker access to SoftCMS with administrator's privilege through specially crafted input (SQL INJECTION).

Affected Version(s)

Moxa SoftCMS prior to Version 1.6 Moxa SoftCMS prior to Version 1.6

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02

x_refsource_MISC

http://www.securityfocus.com/bid/94394

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2017
Vulnerability Reserved
Nov 16, 2016