Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php.
References
Link | Resource |
---|---|
http://www.securityfocus.com/archive/1/537130/100/0/threaded | |
https://www.htbridge.com/advisory/HTB23280 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-08-24T21:00:00
Updated: 2018-10-09T18:57:01
Reserved: 2015-11-25T00:00:00
Link: CVE-2015-8355
JSON object: View
NVD Information
Status : Modified
Published: 2017-08-24T21:29:00.270
Modified: 2018-10-09T19:58:27.017
Link: CVE-2015-8355
JSON object: View
Redhat Information
No data.
CWE