CVE-2017-14600
https://notcve.org/view.php?id=CVE-2017-14600
Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. • https://github.com/delta/pragyan/issues/228 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-14601
https://notcve.org/view.php?id=CVE-2017-14601
Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. • https://github.com/delta/pragyan/issues/228 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-4627
https://notcve.org/view.php?id=CVE-2015-4627
SQL injection vulnerability in Pragyan CMS 3.0. • https://github.com/delta/pragyan/issues/207 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-1471 – Pragyan CMS 3.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-1471
SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI. • https://www.exploit-db.com/exploits/35991 http://pastebin.com/ip2gGYuS http://seclists.org/fulldisclosure/2015/Feb/18 http://seclists.org/oss-sec/2015/q1/402 http://sroesemann.blogspot.de/2015/01/sroeadv-2015-11.html http://sroesemann.blogspot.de/2015/02/advisory-for-sroeadv-2015-11.html https://github.com/delta/pragyan/commit/c93bc100ec93fc78940fbdca9b6b009101858309 https://github.com/delta/pragyan/issues/206 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-6500 – Pragyan CMS 3.0 - Remote File Disclosure
https://notcve.org/view.php?id=CVE-2012-6500
Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php. • https://www.exploit-db.com/exploits/18347 http://www.exploit-db.com/exploits/18347 http://www.osvdb.org/82585 http://www.securityfocus.com/bid/51360 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')