MidnightBSD

Advisories for cubicfactory

CVE-2014-1619 HIGH

Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and 5.2 allow remote attackers to execute arbitrary SQL commands via the (1) resource_id or (2) version_id parameter to recursos/agent.php or (3) login or (4) pass parameter to login.usuario.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
cubicfactory cubic_cms 5.2
cubicfactory cubic_cms 5.1.2
cubicfactory cubic_cms 5.1.1