1 results (0.001 seconds)
CVSS: 8.8EPSS: 0%CPEs: 30EXPL: 5
CVSS: 8.8EPSS: 0%CPEs: 30EXPL: 5CVE-2014-5387 – EllisLab ExpressionEngine Core SQL Injection
https://notcve.org/view.php?id=CVE-2014-5387
04 Nov 2014 — Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php. Múltiples vulnerabilidades de inyección SQL en EllisLab ExpressionEngine anterior a 2.9.1 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro (1) column_filter o (2) c... • https://packetstorm.news/files/id/128946 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •