Vulnerabilities > Sefrengo
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-07 | CVE-2015-5052 | SQL Injection vulnerability in Sefrengo SQL injection vulnerability in Sefrengo before 1.6.5 beta2. | 7.5 |
2015-02-03 | CVE-2015-1428 | SQL Injection vulnerability in Sefrengo 1.6.0/1.6.1 Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authenticated users to execute arbitrary SQL commands via the value_id parameter in a save_value action to backend/main.php. | 7.5 |
2015-01-08 | CVE-2015-0919 | SQL Injection vulnerability in Sefrengo 1.6.0 Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php. | 7.5 |
2015-01-08 | CVE-2015-0918 | Cross-site Scripting vulnerability in Sefrengo 1.6.0 Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php. | 4.3 |