|Date: (C)2009-09-25 (M)2015-12-16|| |
Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit_link action to manager/tools.php. NOTE: some of these details are obtained from third party information.
|CVSS Score: 6.5||Access Vector: NETWORK|
|Exploit Score: 8.0||Access Complexity: LOW|
|Impact Score: 6.4||Authentication: SINGLE_INSTANCE|
| ||Confidentiality: PARTIAL|
| ||Integrity: PARTIAL|
| ||Availability: PARTIAL|