CVE-2015-6009

{"id": "CVE-2015-6009", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-09-28T02:59:05.263", "references": [{"url": "http://www.kb.cert.org/vuls/id/374092", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "https://www.exploit-db.com/exploits/38292/", "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Web Reference Database (tambi\u00e9n conocida como refbase) hasta la versi\u00f3n 0.9.6, permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de el par\u00e1metro (1) where a rss.php o (2) sqlQuery a search.php, un problema diferente a CVE-2015-7382."}], "lastModified": "2017-09-16T01:29:02.653", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:refbase:refbase:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CF8564D-694F-4473-A7E8-AA390920219D", "versionEndIncluding": "0.9.6"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}