Date: Tue, 6 Jan 2015 22:48:02 +0100
From: Steffen Rösemann <>
Subject: CVE Request -- CMS Sefrengo v.1.6.0 -- SQL injection and XSS vulnerabilities

Hello Josh, Steve, vendors, list.

I found two SQL injection vulnerabilities and a reflecting XSS
vulnerability in the content management system Sefrengo v. 1.6.0.

They all reside in the administrative backend of the CMS in the following
paths of a common installation:

SQL injection vulnerabilities:


XSS vulnerability:


The SQL injection vulnerabilities can be exploited via the parameters
"idcat" and "idclient". The XSS vulnerability can be exploited via the
parameter "searchterm".

Could you please assign a CVE-ID / CVE-IDs for it?

Thank you!


Steffen Rösemann


