CVE-2014-1466

SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/101867
http://packetstormsecurity.com/files/124724/cspmysql-sql.txt
http://secunia.com/advisories/56348
http://www.securityfocus.com/bid/64731
https://exchange.xforce.ibmcloud.com/vulnerabilities/90210
http://osvdb.org/101867
http://packetstormsecurity.com/files/124724/cspmysql-sql.txt
http://secunia.com/advisories/56348
http://www.securityfocus.com/bid/64731
https://exchange.xforce.ibmcloud.com/vulnerabilities/90210

Configurations

Configuration 1 (hide)

cpe:2.3:a:csp_mysql_user_manager_project:csp_mysql_user_manager:2.3:*:*:*:*:*:*:*

History

21 Nov 2024, 02:04

Type	Values Removed	Values Added
References	~~() http://osvdb.org/101867 -~~	() http://osvdb.org/101867 -
References	~~() http://packetstormsecurity.com/files/124724/cspmysql-sql.txt -~~	() http://packetstormsecurity.com/files/124724/cspmysql-sql.txt -
References	~~() http://secunia.com/advisories/56348 -~~	() http://secunia.com/advisories/56348 -
References	~~() http://www.securityfocus.com/bid/64731 -~~	() http://www.securityfocus.com/bid/64731 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/90210 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/90210 -

Information

Published : 2014-01-15 16:08

Updated : 2024-11-21 02:04

NVD link : CVE-2014-1466

Mitre link : CVE-2014-1466

CVE.ORG link : CVE-2014-1466

JSON object : View

Products Affected

csp_mysql_user_manager_project

csp_mysql_user_manager

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2014-1466", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-01-15T16:08:18.640", "references": [{"url": "http://osvdb.org/101867", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/124724/cspmysql-sql.txt", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/56348", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/64731", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90210", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/101867", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/124724/cspmysql-sql.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/56348", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/64731", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90210", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de SQL en CSP MySQL User Manager 2.3 permite a atacantes remotos ejecutar comandos de SQL arbitrarios a trav\u00e9s del campo de login de la p\u00e1gina de inicio de sesi\u00f3n."}], "lastModified": "2024-11-21T02:04:18.930", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:csp_mysql_user_manager_project:csp_mysql_user_manager:2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78E47C8C-0A86-4607-AE16-5F04617098BA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}