Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-08-24T21:00:00

Updated: 2024-08-06T08:13:32.475Z

Reserved: 2015-11-25T00:00:00

Link: CVE-2015-8355

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-08-24T21:29:00.270

Modified: 2024-11-21T02:38:21.420

Link: CVE-2015-8355

cve-icon Redhat

No data.