CVE-2014-4034

Vulnerability Description

SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://packetstormsecurity.com/files/127005/ZeroCMS-1.0-SQL-Injection.htmlExploitThird Party AdvisoryVDB Entry
• http://packetstormsecurity.com/files/130192/ZeroCMS-1.3.3-SQL-Injection.htmlExploitThird Party AdvisoryVDB Entry
• http://seclists.org/fulldisclosure/2015/Feb/4Mailing ListThird Party Advisory
• http://seclists.org/oss-sec/2015/q1/379Mailing ListThird Party Advisory
• http://seclists.org/oss-sec/2015/q1/380Mailing ListThird Party Advisory
• http://secunia.com/advisories/59182
• http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-14.htmlNot Applicable
• http://sroesemann.blogspot.de/2015/01/sroeadv-2015-13.htmlNot Applicable
• http://sroesemann.blogspot.de/2015/02/addition-for-advisory-sroeadv-2015-14.htmlNot Applicable
• http://www.exploit-db.com/exploits/33702ExploitThird Party AdvisoryVDB Entry
• http://www.securityfocus.com/bid/67953Not ApplicableVDB Entry
• http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5186.phpExploitThird Party Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/100588
• http://packetstormsecurity.com/files/127005/ZeroCMS-1.0-SQL-Injection.htmlExploitThird Party AdvisoryVDB Entry
• http://packetstormsecurity.com/files/130192/ZeroCMS-1.3.3-SQL-Injection.htmlExploitThird Party AdvisoryVDB Entry