Description
SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI.
Exploits (1)
References (7)
Exploit (x_refsource_misc): http://sroesemann.blogspot.de/2015/02/advisory-for-sroeadv-2015-11.html
Mailing List (mailing-list, x_refsource_fulldisc): http://seclists.org/fulldisclosure/2015/Feb/18
Issue Tracking (x_refsource_misc): https://github.com/delta/pragyan/issues/206
Exploit (x_refsource_misc): http://sroesemann.blogspot.de/2015/01/sroeadv-2015-11.html
Mailing List (mailing-list, x_refsource_mlist): http://seclists.org/oss-sec/2015/q1/402
Patch (x_refsource_confirm): https://github.com/delta/pragyan/commit/c93bc100ec93fc78940fbdca9b6b009101858309
Exploit (x_refsource_misc): http://pastebin.com/ip2gGYuS
Scores
EPSS: 0.0541
EPSS Percentile: 90.2%
Details
CWE: CWE-89
Status: published
Products (1): pragyan_cms_project/pragyan_cms 3.0
Published: Feb 12, 2015
Tracked Since: Feb 18, 2026