Description
Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.php, (5) new2.php, or (6) rename2.php in u5admin/; (7) c parameter to u5admin/editor.php; (8) typ parameter to u5admin/meta2.php; or (9) newname parameter to u5admin/rename2.php.
Exploits (1)
References (2)
Core 2
Core References
Exploit x_refsource_misc
http://packetstormsecurity.com/files/130326/u5CMS-3.9.3-SQL-Injection.html
Exploit x_refsource_misc
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5225.php
Scores
EPSS
0.0083
EPSS Percentile
74.6%
Details
CWE
CWE-89
Status
published
Products (1)
yuba/u5cms
< 3.9.3
Published
Feb 11, 2015
Tracked Since
Feb 18, 2026