Vulnerability Note VU#110532
Subrion CMS vulnerable to SQL injection by an authenticated user
Subrion CMS is vulnerable to SQL injection from authenticated users when a browser cookie is modified in a certain way.
Subrion is an open source web-based content management system (CMS). Subrion is vulnerable to SQL injection due to deserialization of untrusted data from a browser cookie.
CWE-502: Deserialization of Untrusted Data
An authenticated remote user may execute arbitrary SQL statements on Subrion's database.
Apply an update
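The flaw class described above (CWE-502 leading to SQL injection) is avoided when cookie state is authenticated before it is decoded, decoded with a data-only format, and bound as a query parameter. The following sketch is an added example, not Subrion's code or its fix; the key, function names, table and cookie layout are all hypothetical.

```php
<?php
// Added illustration with hypothetical names; not Subrion's code or its patch.
const COOKIE_KEY = 'replace-with-random-server-side-secret'; // assumption: stored outside the web root

// Generic form of the pattern the note describes: a cookie is passed to
// unserialize() and a field of the result is concatenated into SQL text.

/** Encode state as JSON and append an HMAC so the server can detect tampering. */
function encode_state(array $state): string
{
    $payload = base64_encode(json_encode($state));
    return $payload . '.' . hash_hmac('sha256', $payload, COOKIE_KEY);
}

/** Return the validated state, or null if the cookie is malformed or was modified. */
function decode_state(string $cookie): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2 || !hash_equals(hash_hmac('sha256', $parts[0], COOKIE_KEY), $parts[1])) {
        return null;
    }
    $raw = base64_decode($parts[0], true);
    $state = $raw === false ? null : json_decode($raw, true);
    // Accept only the expected shape: a single integer id.
    if (!is_array($state) || !isset($state['id']) || !is_int($state['id'])) {
        return null;
    }
    return ['id' => $state['id']];
}

/** Look up an item with a bound parameter, so the value never becomes SQL text. */
function find_item(PDO $db, array $state): ?string
{
    $stmt = $db->prepare('SELECT title FROM items WHERE id = :id');
    $stmt->execute([':id' => $state['id']]);
    $title = $stmt->fetchColumn();
    return $title === false ? null : $title;
}

// Constructed demo data: an in-memory SQLite table standing in for the CMS database.
$db = new PDO('sqlite::memory:');
$db->exec("CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO items VALUES (1, 'Welcome')");
$cookie = encode_state(['id' => 1]);
var_dump(find_item($db, decode_state($cookie))); // untouched cookie is accepted
var_dump(decode_state('x' . $cookie));           // modified cookie is rejected
```

The MAC check runs before any decoding, so a cookie edited in the browser never reaches the parser or the query layer.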
Vendor Information

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Subrion | Affected | 03 Apr 2015 | 20 Apr 2015 |
Thanks to Jack Baker for reporting this vulnerability to us, and to Subrion for quickly addressing this issue.
This document was written by Garret Wassermann.
- CVE IDs: Unknown
- Date Public: 27 Apr 2015
- Date First Published: 08 May 2015
- Date Last Updated: 08 May 2015
- Document Revision: 46