Vulnerability Description
Multiple SQL injection vulnerabilities in LiSK CMS 4.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a view_inbox action to cp/cp_messages.php or (2) the id parameter to cp/edit_email.php.
CVSS Score
6.8 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Createch-Group | Lisk Cms | 4.4 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/39912 (Vendor Advisory)
- http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_lisk_cms.html (Exploit)
- http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_lisk_cms_1.html (Exploit)
FAQ
What is CVE-2010-2015?
CVE-2010-2015 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple SQL injection vulnerabilities in LiSK CMS 4.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a view_inbox action to cp/cp_messages.php or (2) the id para...
How severe is CVE-2010-2015?
CVE-2010-2015 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2015?
Check the references section above for vendor advisories and patch information. Affected products include: Createch-Group Lisk Cms.