CVE-2014-2303
NONE EPSS 83.2%
Published Jun 13, 2014 (12y ago)
Last Modified Jun 17, 2026 (2w ago)
Description
Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter.
Threat Intelligence
EPSS Exploit Probability
83.2% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-89 SQL Injection
Affected Products 3
| Vendor | Product | Version | Range |
|---|---|---|---|
| webedition | webedition_cms | 6.2.7.0 | any |
| webedition | webedition_cms | 6.3.3.0 | any |
| webedition | webedition_cms | 6.3.8.0 | any |
References 6
- packetstormsecurity.com http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html
- seclists.org http://seclists.org/fulldisclosure/2014/May/148
- securityfocus.com http://www.securityfocus.com/archive/1/532231/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/67689
- webedition.org http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht
- redteam-pentesting.de https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.