CVE-2015-7568

CRITICAL

Yeager CMS 1.2.1 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter.

Exploits (1)

exploitdb WRITEUP
by SEC Consult · text · webapps · php
https://www.exploit-db.com/exploits/39436

Scores

CVSS v3 9.8
EPSS 0.0585
EPSS Percentile 90.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-89
Status draft

Affected Products (1)

yeager/yeager_cms

Timeline

Published Apr 24, 2017
Tracked Since Feb 18, 2026