Vulnerability Description
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector is already covered by CVE-2008-4157.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vastal | Phpvid | 0.9.9 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/130754/Vastal-I-tech-phpVID-1.2.3-SQL-Injec
- http://seclists.org/fulldisclosure/2015/Mar/58
- http://tetraph.com/security/sql-injection-vulnerability/vastal-i-tech-phpvid-1-2
- http://packetstormsecurity.com/files/130754/Vastal-I-tech-phpVID-1.2.3-SQL-Injec
- http://seclists.org/fulldisclosure/2015/Mar/58
- http://tetraph.com/security/sql-injection-vulnerability/vastal-i-tech-phpvid-1-2
FAQ
What is CVE-2015-2563?
CVE-2015-2563 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector ...
How severe is CVE-2015-2563?
CVE-2015-2563 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2563?
Check the references section above for vendor advisories and patch information. Affected products include: Vastal Phpvid.