CVE-2015-5643

ICZ MATCHA INVOICE < 2.5.7 - Remote Code Execution via Database Misconfiguration

Title source: llm
STIX 2.1

Description

The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.

References (3)

Core 3
Core References
Vendor Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN66984217/index.html
Vendor Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000144
Vendor Advisory x_refsource_confirm
http://oss.icz.co.jp/news/?p=1073

Scores

EPSS 0.0132
EPSS Percentile 67.3%

Details

CWE
CWE-94
Status published
Products (1)
icz/matchasns < 1.3.6
Published Oct 06, 2015
Tracked Since Feb 18, 2026