CVE

Id
72684  
CVE No.
CVE-2014-5387  
Status
Candidate  
Description
Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php.  
Phase
Assigned (20140822)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
685402 72684 CVE-2014-5387 FULLDISC:20141103 CVE-2014-5387 - Multiple Authenticated SQL Injections in EllisLab ExpressionEngine Core  View
685403 72684 CVE-2014-5387 URL:http://seclists.org/fulldisclosure/2014/Nov/2  View
685404 72684 CVE-2014-5387 MISC:https://ellislab.com/expressionengine/user-guide/about/changelog.html  View
685405 72684 CVE-2014-5387 MISC:https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5387  View
685406 72684 CVE-2014-5387 MISC:http://packetstormsecurity.com/files/128946/EllisLab-ExpressionEngine-Core-SQL-Injection.html  View
685407 72684 CVE-2014-5387 BID:70875  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
16720 JVNDB-2014-005595 複数の Huawei 製品におけるクロスサイトリクエストフォージェリの脆弱性 複数の Huawei 製品には、クロスサイトリクエストフォージェリの脆弱性が存在します。 CVE-2014-5395 72684 6.8 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-005595.html  View