CVE-2015-7382

Refbase < 0.9.6 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009.

Exploits (1)

exploitdb WORKING POC

by Mohab Ali · textwebappsphp

https://www.exploit-db.com/exploits/38292

View Code ZIP pw:eip

References (1)

Core 1

Core References

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/374092

Scores

EPSS 0.0362

EPSS Percentile 87.9%

Details

CWE

CWE-89

Status published

Products (1)

refbase/refbase < 0.9.6

Published Sep 28, 2015

Tracked Since Feb 18, 2026