CVE-2015-5644

ICZ MATCHA SNS < 1.3.6 - Remote Code Execution via Database Misconfiguration

Title source: manual
STIX 2.1

Description

The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.

References (3)

Core 3
Core References
Vendor Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN08535069/index.html
Vendor Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000145
Vendor Advisory x_refsource_confirm
http://oss.icz.co.jp/news/?p=1075

Scores

EPSS 0.0132
EPSS Percentile 67.3%

Details

CWE
CWE-94
Status published
Products (1)
icz/matchasns < 1.3.6
Published Oct 06, 2015
Tracked Since Feb 18, 2026