CVE-2015-7999
HIGHCitrix Command Center <5.1.36.7, <5.2.44.11 - SQL Injection
Title source: llmDescription
Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX203787
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1034520
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/79659
Scores
CVSS v3
8.1
EPSS
0.0047
EPSS Percentile
64.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-89
Status
published
Products (2)
citrix/command_center
5.1
citrix/command_center
5.2
Published
Apr 14, 2016
Tracked Since
Feb 18, 2026