NVD

Id
30095  
Name
CVE-2014-1459  
Description
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.  
Reject
 
CVSS Version
2  
CVSS Score
6.5  
Severity
Medium  
CVSS Base Score
6.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2014-02-11  
Modified Date
2014-02-21  
Seq
2014-1459  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
158414 30095 CVE-2014-1459 http://packetstormsecurity.com/files/125078  View
158415 30095 CVE-2014-1459 31521  View
158416 30095 CVE-2014-1459 20140205 SQL Injection in doorGets CMS  View
158417 30095 CVE-2014-1459 65439  View
158418 30095 CVE-2014-1459 doorgets-cve20141459-sql-injection(90967)  View
158419 30095 CVE-2014-1459 https://github.com/doorgets/doorGets/commit/6b81541fc1e5dd1c70614585c1a04d04ccdb3b19  View
158420 30095 CVE-2014-1459 https://www.htbridge.com/advisory/HTB23197  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
12518 JVNDB-2014-001393 doorGets CMS の dg-admin/index.php における SQL インジェクションの脆弱性 doorGets CMS の dg-admin/index.php には、SQL インジェクションの脆弱性が存在します。 CVE-2014-1459 68746 CVE-2014-1459 30095 6.5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-001393.html 2014-01-15 2014-02-13 View