Vulnerability Description
SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the domain parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| French National Commission On Informatics And Liberty | Cookieviz | <= 1.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/128960/CNIL-CookieViz-Cross-Site-Scripting-Exploit
- http://seclists.org/fulldisclosure/2014/Nov/3Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98454
- https://github.com/LaboCNIL/CookieViz/commit/489b6050f6c53fe7b24c4bed3eeb9c25543Patch
- http://packetstormsecurity.com/files/128960/CNIL-CookieViz-Cross-Site-Scripting-Exploit
- http://seclists.org/fulldisclosure/2014/Nov/3Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98454
- https://github.com/LaboCNIL/CookieViz/commit/489b6050f6c53fe7b24c4bed3eeb9c25543Patch
FAQ
What is CVE-2014-8351?
CVE-2014-8351 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the d...
How severe is CVE-2014-8351?
CVE-2014-8351 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8351?
Check the references section above for vendor advisories and patch information. Affected products include: French National Commission On Informatics And Liberty Cookieviz.