MidnightBSD

Advisories for ellislab

CVE-2014-5387 MEDIUM

Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
expressionengine expressionengine 2.8.0
ellislab expressionengine 2.3.1
expressionengine expressionengine 2.1.1
expressionengine expressionengine 2.5.2
ellislab expressionengine 2.7.2
expressionengine expressionengine *
ellislab expressionengine 2.8.1
expressionengine expressionengine 2.2.2
expressionengine expressionengine 2.2.1
ellislab expressionengine 2.5.5
expressionengine expressionengine 2.1.4
expressionengine expressionengine 2.1.3
expressionengine expressionengine 2.5.1
ellislab expressionengine 2..5.4
expressionengine expressionengine 2.2.0
expressionengine expressionengine 2.5.0
ellislab expressionengine 2.0.0
expressionengine expressionengine 2.3.0
expressionengine expressionengine 2.7.0
expressionengine expressionengine 2.6.0
ellislab expressionengine 2.0.2
expressionengine expressionengine 2.1.5
ellislab expressionengine 2.6.1
expressionengine expressionengine 2.1.0
expressionengine expressionengine 2.5.3
expressionengine expressionengine 2.7.3
ellislab expressionengine 2.7.1
expressionengine expressionengine 2.4.0
expressionengine expressionengine 2.1.2
ellislab expressionengine 2.0.1