Vulnerability Description
SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote attackers to execute arbitrary SQL commands via the time parameter to server/freichat.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codelogic | Freichat | 9.6 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/132673/FreiChat-9.6-SQL-Injection.html (Exploit)
- http://security.szurek.pl/freichat-96-sql-injection.html (Exploit)
- https://www.exploit-db.com/exploits/37592/ (Exploit)
FAQ
What is CVE-2015-6512?
CVE-2015-6512 is a vulnerability with a CVSS score of 5.0 (MEDIUM). SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote attackers to execute arbitrary SQL commands via the time parameter to ser...
How severe is CVE-2015-6512?
CVE-2015-6512 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-6512?
Check the references section above for vendor advisories and patch information. Affected products include: Codelogic Freichat.