Description
Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382.
Exploits (1)
References (2)
Core 2
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/38292/
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/374092
Scores
EPSS
0.0362
EPSS Percentile
87.9%
Details
CWE
CWE-89
Status
published
Products (1)
refbase/refbase
< 0.9.6
Published
Sep 28, 2015
Tracked Since
Feb 18, 2026