CVE-2015-1423

EPSS 1.8%

Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php.

Affected products

n/a · n/a

public PoCs found — 3

cve_referencepacketstormsecurity.com/files/129929/Gecko-CMS-2.2-2.3-CSRF-XSS-SQL-Injection.htmlunverified cve_referencewww.exploit-db.com/exploits/35767unverified exploitdbwww.exploit-db.com/exploits/35767unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://osvdb.org/show/osvdb/116968 http://packetstormsecurity.com/files/129929/Gecko-CMS-2.2-2.3-CSRF-XSS-SQL-Injection.html https://exchange.xforce.ibmcloud.com/vulnerabilities/99976 http://www.exploit-db.com/exploits/35767 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5222.php