CVE-2014-2303

Name of the Vulnerable Software and Affected Versions webEdition CMS versions prior to 6.2.7-s1.2 webEdition CMS versions 6.3.x through 6.3.8

Description The issue concerns SQL injection vulnerabilities in the file browser component of webEdition CMS. These vulnerabilities allow remote attackers to execute arbitrary SQL commands by manipulating the table or order parameters.

Recommendations For versions prior to 6.2.7-s1.2, update to version 6.2.7-s1.2 or later. For versions 6.3.x through 6.3.8, update to a version after 6.3.8 or apply the necessary patch. As a temporary workaround, consider restricting access to the we fs.php file and limiting the use of the table and order parameters in the file browser component.