Vulnerability-Lookup

CNVD-2015-01954

Vulnerability from cnvd - Published: 2015-03-25

Title

MetalGenix GeniXCMS SQL注入漏洞

Description

MetalGenix GeniXCMS是一款内容管理系统。 MetalGenix GeniXCMS存在SQL注入漏洞。允许攻击者利用此漏洞提交特制的SQL查询，操作或获取数据库数据。

Severity

高

Patch Name

MetalGenix GeniXCMS SQL注入漏洞的补丁

Patch Description

MetalGenix GeniXCMS是一款内容管理系统。 MetalGenix GeniXCMS存在SQL注入漏洞。允许攻击者利用此漏洞提交特制的SQL查询，操作或获取数据库数据。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://github.com/semplon/GeniXCMS/commit/698245488343396185b1b49e7482ee5b25541815

Reference

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2679

Impacted products

Name
MetalGenix GeniXCMS < 0.0.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-2679"
    }
  },
  "description": "MetalGenix GeniXCMS\u662f\u4e00\u6b3e\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nMetalGenix GeniXCMS\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u63d0\u4ea4\u7279\u5236\u7684SQL\u67e5\u8be2\uff0c\u64cd\u4f5c\u6216\u83b7\u53d6\u6570\u636e\u5e93\u6570\u636e\u3002",
  "discovererName": "Gjoko \u0027LiquidWorm\u0027 Krstic",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://github.com/semplon/GeniXCMS/commit/698245488343396185b1b49e7482ee5b25541815",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-01954",
  "openTime": "2015-03-25",
  "patchDescription": "MetalGenix GeniXCMS\u662f\u4e00\u6b3e\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nMetalGenix GeniXCMS\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u63d0\u4ea4\u7279\u5236\u7684SQL\u67e5\u8be2\uff0c\u64cd\u4f5c\u6216\u83b7\u53d6\u6570\u636e\u5e93\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "MetalGenix GeniXCMS SQL\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "MetalGenix GeniXCMS \u003c 0.0.2"
  },
  "referenceLink": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2679",
  "serverity": "\u9ad8",
  "submitTime": "2015-03-24",
  "title": "MetalGenix GeniXCMS SQL\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2015-2679 (GCVE-0-2015-2679)

Vulnerability from cvelistv5 – Published: 2015-03-23 16:00 – Updated: 2024-08-06 05:24

Summary

Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://blog.metalgenix.com/update-security-fix-an…	x_refsource_CONFIRM
	http://osvdb.org/show/osvdb/119392	vdb-entryx_refsource_OSVDB
	https://github.com/semplon/GeniXCMS/issues/7	x_refsource_CONFIRM
	http://www.exploit-db.com/exploits/36321	exploitx_refsource_EXPLOIT-DB
	https://github.com/semplon/GeniXCMS/commit/698245…	x_refsource_CONFIRM
	http://blog.metalgenix.com/genixcms-v0-0-2-releas…	x_refsource_CONFIRM
	http://www.zeroscience.mk/en/vulnerabilities/ZSL-…	x_refsource_MISC
	http://www.securityfocus.com/bid/73297	vdb-entryx_refsource_BID
	http://osvdb.org/show/osvdb/119393	vdb-entryx_refsource_OSVDB
	http://packetstormsecurity.com/files/130770/GeniX…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:24:38.282Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.metalgenix.com/update-security-fix-and-add-newsletter-module/16"
          },
          {
            "name": "119392",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/show/osvdb/119392"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/semplon/GeniXCMS/issues/7"
          },
          {
            "name": "36321",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/36321"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/semplon/GeniXCMS/commit/698245488343396185b1b49e7482ee5b25541815"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.metalgenix.com/genixcms-v0-0-2-release-security-and-bug-fixes/17"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5232.php"
          },
          {
            "name": "73297",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73297"
          },
          {
            "name": "119393",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/show/osvdb/119393"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/130770/GeniXCMS-0.0.1-SQL-Injection.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-01T15:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.metalgenix.com/update-security-fix-and-add-newsletter-module/16"
        },
        {
          "name": "119392",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/show/osvdb/119392"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/semplon/GeniXCMS/issues/7"
        },
        {
          "name": "36321",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/36321"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/semplon/GeniXCMS/commit/698245488343396185b1b49e7482ee5b25541815"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.metalgenix.com/genixcms-v0-0-2-release-security-and-bug-fixes/17"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5232.php"
        },
        {
          "name": "73297",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73297"
        },
        {
          "name": "119393",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/show/osvdb/119393"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/130770/GeniXCMS-0.0.1-SQL-Injection.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2679",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blog.metalgenix.com/update-security-fix-and-add-newsletter-module/16",
              "refsource": "CONFIRM",
              "url": "http://blog.metalgenix.com/update-security-fix-and-add-newsletter-module/16"
            },
            {
              "name": "119392",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/show/osvdb/119392"
            },
            {
              "name": "https://github.com/semplon/GeniXCMS/issues/7",
              "refsource": "CONFIRM",
              "url": "https://github.com/semplon/GeniXCMS/issues/7"
            },
            {
              "name": "36321",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/36321"
            },
            {
              "name": "https://github.com/semplon/GeniXCMS/commit/698245488343396185b1b49e7482ee5b25541815",
              "refsource": "CONFIRM",
              "url": "https://github.com/semplon/GeniXCMS/commit/698245488343396185b1b49e7482ee5b25541815"
            },
            {
              "name": "http://blog.metalgenix.com/genixcms-v0-0-2-release-security-and-bug-fixes/17",
              "refsource": "CONFIRM",
              "url": "http://blog.metalgenix.com/genixcms-v0-0-2-release-security-and-bug-fixes/17"
            },
            {
              "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5232.php",
              "refsource": "MISC",
              "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5232.php"
            },
            {
              "name": "73297",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73297"
            },
            {
              "name": "119393",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/show/osvdb/119393"
            },
            {
              "name": "http://packetstormsecurity.com/files/130770/GeniXCMS-0.0.1-SQL-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/130770/GeniXCMS-0.0.1-SQL-Injection.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2679",
    "datePublished": "2015-03-23T16:00:00",
    "dateReserved": "2015-03-23T00:00:00",
    "dateUpdated": "2024-08-06T05:24:38.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-01954

CVE-2015-2679 (GCVE-0-2015-2679)

Tags

Sightings

Nomenclature