SQL Injection in Intelliants Subrion_cms

CVE-2015-4129

SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie.

Vulnerability class: SQL Injection

EPSS: 0.008 (74.5th percentile) — read the EPSS interpretation.

Affected products

Intelliants Subrion_cms
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

cret@cert.org (x_refsource_CONFIRM, Vendor Advisory)
VU#110532 (x_refsource_CERT-VN, US Government Resource, Third Party Advisory, third-party-advisory)
74570 (vdb-entry, x_refsource_BID)