← back
CVE-2015-8355

CVE-2015-8355

EPSS 1.7%
Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.htbridge.com/advisory/HTB23280http://www.securityfocus.com/archive/1/537130/100/0/threaded