CVE-2015-7903

Infinite Automation Mango Automation <2.6.0 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Exploits (1)

exploitdb WORKING POC

webappsjsp

https://www.exploit-db.com/exploits/38338

View on exploitdb

References (1)

[Patch, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02

Scores

EPSS 0.0049

EPSS Percentile 65.2%

Classification

CWE

CWE-89

Status draft

Affected Products (3)

infinite_automation_systems/mango_automation

Timeline

Published Oct 28, 2015

Tracked Since Feb 18, 2026