Date: Tue,  3 Feb 2015 17:54:17 -0500 (EST)
From: cve-assign@...re.org
To: steffen.roesemann1986@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE-Request -- Pragyan CMS v.3.0 -- SQL injection vulnerability

> Attackers can exploit that vulnerability by appending arbitrary SQL queries
> to a registered user's profile id without being authenticated.
> 
> /user:1%27+and+1=2+union+select+database%28%29,version%28%29,3+--+
> 
> http://sroesemann.blogspot.de/2015/01/sroeadv-2015-11.html
> https://github.com/delta/pragyan/issues/206
> http://pastebin.com/ip2gGYuS
> http://sroesemann.blogspot.de/2015/02/advisory-for-sroeadv-2015-11.html
> http://seclists.org/fulldisclosure/2015/Feb/18

Use CVE-2015-1471.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
