mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
799 B
799 B
CVE-2015-7568
Description
SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter.
POC
Reference
- http://packetstormsecurity.com/files/135716/Yeager-CMS-1.2.1-File-Upload-SQL-Injection-XSS-SSRF.html
- http://seclists.org/fulldisclosure/2016/Feb/44
- https://www.exploit-db.com/exploits/39436/
Github
No PoCs found on GitHub currently.