Vulnerabilities > Sefrengo

DATE	CVE	VULNERABILITY TITLE	RISK
2017-09-07	CVE-2015-5052	SQL Injection vulnerability in Sefrengo SQL injection vulnerability in Sefrengo before 1.6.5 beta2. network low complexity sefrengo CWE-89	7.5
2015-02-03	CVE-2015-1428	SQL Injection vulnerability in Sefrengo 1.6.0/1.6.1 Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authenticated users to execute arbitrary SQL commands via the value_id parameter in a save_value action to backend/main.php. network low complexity sefrengo CWE-89	7.5
2015-01-08	CVE-2015-0919	SQL Injection vulnerability in Sefrengo 1.6.0 Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php. network low complexity sefrengo CWE-89	7.5
2015-01-08	CVE-2015-0918	Cross-site Scripting vulnerability in Sefrengo 1.6.0 Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php. network sefrengo CWE-79	4.3

Vulnerabilities > Sefrengo {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Sefrengo"}]}