NVD

Id
24311  
Name
CVE-2015-2183  
Description
Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2) subadminmgt edit action or (3) cid parameter in an editcurrency action to admin/.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2015-03-10  
Modified Date
2015-07-28  
Seq
2015-2183  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
128691 24311 CVE-2015-2183 http://packetstormsecurity.com/files/130487/Zeuscart-4-Cross-Site-Scripting-SQL-Injection.html  View
128692 24311 CVE-2015-2183 20150223 ECommerce-Shopping Cart Zeuscart v. 4: Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities  View
128693 24311 CVE-2015-2183 [oss-security] 20150223 CVE-Request -- Zeuscart v. 4 -- Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities  View
128694 24311 CVE-2015-2183 [oss-security] 20150302 Re: CVE-Request -- Zeuscart v. 4 -- Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities  View
128695 24311 CVE-2015-2183 http://sroesemann.blogspot.de/2015/01/sroeadv-2015-12.html  View
128696 24311 CVE-2015-2183 36159  View
128697 24311 CVE-2015-2183 72761  View
128698 24311 CVE-2015-2183 https://github.com/ZeusCart/zeuscart/issues/28  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
6453 JVNDB-2015-001773 ZeusCart の管理バックエンドにおける SQL インジェクションの脆弱性 ZeusCart の管理バックエンドには、SQL インジェクションの脆弱性が存在します。 CVE-2015-2183 79408 CVE-2015-2183 24311 7.5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-001773.html 2015-01-21 2015-03-13 View