PT-2015-5277 · Gecko · Gecko Cms
Gjoko Krstic
·
Publicado
2015-01-29
·
Atualizado
2017-09-08
·
CVE-2015-1423
CVSS v2.0
6.5
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Gecko CMS versions 2.2 through 2.3
Description
The issue allows remote administrators to execute arbitrary SQL commands. This is achieved via the
jak delete log[] or ssp parameter to the "admin/index.php" endpoint.Recommendations
For Gecko CMS versions 2.2 through 2.3, consider restricting access to the
admin/index.php endpoint until a patch is available. As a temporary workaround, avoid using the jak delete log[] and ssp parameters in the affected endpoint to minimize the risk of exploitation.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Gecko Cms