Vulnerabilities > CVE-2015-7570 - Server-Side Request Forgery (SSRF) vulnerability in Yeager CMS 1.2.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Yeager CMS 1.2.1 - Multiple Vulnerabilities. CVE-2015-7567,CVE-2015-7568,CVE-2015-7569,CVE-2015-7570,CVE-2015-7571,CVE-2015-7572. Webapps exploit for php pla... |
| file | exploits/php/webapps/39436.txt |
| id | EDB-ID:39436 |
| last seen | 2016-02-11 |
| modified | 2016-02-10 |
| platform | php |
| port | 80 |
| published | 2016-02-10 |
| reporter | SEC Consult |
| source | https://www.exploit-db.com/download/39436/ |
| title | Yeager CMS 1.2.1 - Multiple Vulnerabilities |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/135716/SA-20160210-0.txt |
| id | PACKETSTORM:135716 |
| last seen | 2016-12-05 |
| published | 2016-02-11 |
| reporter | P. Morimoto |
| source | https://packetstormsecurity.com/files/135716/Yeager-CMS-1.2.1-File-Upload-SQL-Injection-XSS-SSRF.html |
| title | Yeager CMS 1.2.1 File Upload / SQL Injection / XSS / SSRF |