IQID:13918 HTTP Subrion CMS SQL Injection Vulnerability S

IQID: 13918 - October 2016

A remote SQL injection web vulnerability has been discovered in the Subrion v4.0.5 content management system. The vulnerability allows remote attackers to execute their own malicious SQL commands to compromise the application or DBMS. The SQL injection vulnerability is located in the `query` and `show_query` parameters of the `.database/sql/` module POST method request. Remote attackers are able to execute their own SQL commands by using the insecure SQL management tool request. The attack vector of the vulnerability is application-side and the request method used to inject is POST. The security risk of the SQL injection vulnerability is estimated as high, with a CVSS (Common Vulnerability Scoring System) score of 7.0. Exploitation of the remote SQL injection web vulnerability requires no user interaction and a low-privileged web-application user account. Successful exploitation of the remote SQL injection results in compromise of the database management system, web server and web application.


Permalink

Link directly to this page.

http://www.idappcom.com/db/?13918