ID CVE-2015-7570
Summary Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php.
References
Vulnerable Configurations
  • cpe:2.3:a:yeager:yeager_cms:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:yeager:yeager_cms:1.2.1:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 09-10-2018 - 19:58)
Impact:
Exploitability:
CWE CWE-918
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
refmap via4
bugtraq 20160210 SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities
exploit-db 39436
fulldisc 20160210 SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities
misc http://packetstormsecurity.com/files/135716/Yeager-CMS-1.2.1-File-Upload-SQL-Injection-XSS-SSRF.html
vulnerable_product via4 cpe:2.3:a:yeager:yeager_cms:1.2.1:*:*:*:*:*:*:*
Last major update 09-10-2018 - 19:58
Published 24-04-2017 - 18:59
Back to Top