28 Déc 2015

CVE-2015-7791

Publié par . Publié dans SQL Injection

Vulnerability Details :

Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search

or (2) switch parameter.
Publish Date : 2015-12-29 Last Update Date : 2015-12-30

- CVSS Scores & Vulnerability Types

CVSS Score	6.5
Confidentiality Impact	Partial(There is considerable informational disclosure.)
Integrity Impact	Partial(Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact	Partial(There is reduced performance or interruptions in resource availability.)
Access Complexity	Low(Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication	Single system(The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface).)
Gained Access	None
Vulnerability Type(s)	Execute CodeSql Injection
CWE ID	89

- Products Affected By CVE-2015-7791

#	Product Type	Vendor	Product	Version	Update	Edition	Language
1	Application	Welcart	Welcart	1.5.2		~~~wordpress~~		Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Welcart	Welcart	1

- References For CVE-2015-7791

http://www.welcart.com/community/archives/76035 CONFIRM

http://jvn.jp/en/jp/JVN43344629/index.html
JVN JVN#43344629

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000200
JVNDB JVNDB-2015-000200

- Metasploit Modules Related To CVE-2015-7791

There are not any metasploit modules related to this vulnerability (Please visit www.metasploit.com for more information)

CVE-2015-7791

Vulnerability Details :

- CVSS Scores & Vulnerability Types

- Products Affected By CVE-2015-7791

- Number Of Affected Versions By Product

- References For CVE-2015-7791

- Metasploit Modules Related To CVE-2015-7791

Pour nous Contacter

Newsletter Cybersécurité

Ressources Sécurité

Notre expertise cybersécurité validée par de multiples certifications internationales