Description
Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.
Exploits (1)
References (4)
Core References
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jan/9
Exploit x_refsource_misc
http://packetstormsecurity.com/files/129824/Sefrengo-CMS-1.6.0-SQL-Injection.html
Exploit x_refsource_misc
http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-04.html
Vendor Advisory x_refsource_confirm
http://forum.sefrengo.org/index.php?showtopic=3360
Scores
EPSS: 0.0100
EPSS Percentile: 77.1%
Details
CWE: CWE-89
Status: published
Products (1): sefrengo/sefrengo < 1.6.0
Published: Jan 08, 2015
Tracked Since: Feb 18, 2026