
    10 vulnerabilities by pragyan

    VAR-201709-0610

    Vulnerability from variot - Updated: 2025-04-20 23:36

    Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. Pragyan CMS is a multi-user, modular PHP and MySQL-based content management system (CMS). The system supports custom built-in frameworks, user group permission management, search engine optimization, and more. A remote attacker could use this vulnerability to obtain information. The CVSS vectors in the record below (Au:S in v2, PR:H in v3.0) indicate that the attacker must already hold an authenticated, high-privilege account.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0610",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pragyan cms",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "pragyan cms",
            "version": "3.0"
          },
          {
            "model": "cms pragyan cms",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "pragyan",
            "version": "3.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34577"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008160"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-934"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14601"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:pragyan_cms_project:pragyan_cms",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008160"
          }
        ]
      },
      "cve": "CVE-2017-14601",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2017-14601",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2017-34577",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2017-14601",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-14601",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-14601",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-34577",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201709-934",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34577"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008160"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-934"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14601"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET[\u0027forwhat\u0027], resulting in Information Disclosure. Pragyan CMS is a multi-user, modular PHP and MySQL-based content management system (CMS). The system supports custom built-in frameworks, user group permission management, search engine optimization, and more. A remote attacker could use this vulnerability to obtain information",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-14601"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008160"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-34577"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-14601",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008160",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-34577",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-934",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34577"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008160"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-934"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14601"
          }
        ]
      },
      "id": "VAR-201709-0610",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34577"
          }
        ],
        "trust": 0.8991453
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34577"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:36:47.121000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Found 2 SQL injection vulnerabilities #228",
            "trust": 0.8,
            "url": "https://github.com/delta/pragyan/issues/228"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008160"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008160"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14601"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://github.com/delta/pragyan/issues/228"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14601"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14601"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34577"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008160"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-934"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14601"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34577"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008160"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-934"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14601"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-34577"
          },
          {
            "date": "2017-10-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-008160"
          },
          {
            "date": "2017-09-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201709-934"
          },
          {
            "date": "2017-09-19T07:29:00.457000",
            "db": "NVD",
            "id": "CVE-2017-14601"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-34577"
          },
          {
            "date": "2017-10-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-008160"
          },
          {
            "date": "2017-09-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201709-934"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-14601"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-934"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Pragyan CMS In  SQL Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008160"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-934"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201709-0609

    Vulnerability from variot - Updated: 2025-04-20 23:35

    Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. Pragyan CMS is a multi-user, modular PHP and MySQL-based content management system (CMS). The system supports custom built-in frameworks, user group permission management, search engine optimization, and more. A remote attacker could use this vulnerability to obtain information using $_GET['del_black']. The CVSS vectors in the record below (Au:S in v2, PR:H in v3.0) indicate that the attacker must already hold an authenticated, high-privilege account.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201709-0609",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pragyan cms",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "pragyan cms",
            "version": "3.0"
          },
          {
            "model": "cms pragyan cms",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "pragyan",
            "version": "3.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008159"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-935"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14600"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:pragyan_cms_project:pragyan_cms",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008159"
          }
        ]
      },
      "cve": "CVE-2017-14600",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2017-14600",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2017-34576",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2017-14600",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-14600",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-14600",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-34576",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201709-935",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008159"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-935"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14600"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET[\u0027del_black\u0027], resulting in Information Disclosure. Pragyan CMS is a multi-user, modular PHP and MySQL-based content management system (CMS). The system supports custom built-in frameworks, user group permission management, search engine optimization, and more. A remote attacker could use this vulnerability to obtain information using $ _GET [\u0027del_black\u0027]",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-14600"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008159"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-34576"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-14600",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008159",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-34576",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-935",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008159"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-935"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14600"
          }
        ]
      },
      "id": "VAR-201709-0609",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34576"
          }
        ],
        "trust": 0.8991453
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34576"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:35:46.353000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Found 2 SQL injection vulnerabilities #228",
            "trust": 0.8,
            "url": "https://github.com/delta/pragyan/issues/228"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008159"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008159"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14600"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://github.com/delta/pragyan/issues/228"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14600"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14600"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008159"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-935"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14600"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-34576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008159"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-935"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14600"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-34576"
          },
          {
            "date": "2017-10-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-008159"
          },
          {
            "date": "2017-09-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201709-935"
          },
          {
            "date": "2017-09-19T07:29:00.287000",
            "db": "NVD",
            "id": "CVE-2017-14600"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-34576"
          },
          {
            "date": "2017-10-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-008159"
          },
          {
            "date": "2017-09-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201709-935"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-14600"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-935"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Pragyan CMS In  SQL Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008159"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-935"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201502-0073

    Vulnerability from variot - Updated: 2025-04-13 23:26

    SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI. Pragyan CMS is a content management system. It is prone to this SQL injection because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Pragyan CMS 3.0 is vulnerable; other versions may also be affected. The patch entries in the record below reference an upstream commit and issue #206 in the delta/pragyan repository.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201502-0073",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pragyan cms",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "pragyan cms",
            "version": "3.0"
          },
          {
            "model": "cms pragyan cms",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "pragyan",
            "version": "3.0"
          },
          {
            "model": "force pragyan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "delta",
            "version": "3.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-01020"
          },
          {
            "db": "BID",
            "id": "72637"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-274"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1471"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:pragyan_cms_project:pragyan_cms",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001494"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Steffen R\u00f6semann",
        "sources": [
          {
            "db": "BID",
            "id": "72637"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-1471",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-1471",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-01020",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-1471",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-1471",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-01020",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201502-274",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-01020"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-274"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1471"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI. Pragyan CMS is a content management system. Pragyan CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. \nA successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nPragyan CMS 3.0 is vulnerable; other versions may also be affected",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-1471"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001494"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-01020"
          },
          {
            "db": "BID",
            "id": "72637"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-1471",
            "trust": 3.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001494",
            "trust": 0.8
          },
          {
            "db": "EXPLOITDB",
            "id": "35991",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "35991",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-01020",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-274",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "72637",
            "trust": 0.3
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-01020"
          },
          {
            "db": "BID",
            "id": "72637"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-274"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1471"
          }
        ]
      },
      "id": "VAR-201502-0073",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-01020"
          }
        ],
        "trust": 0.8991453
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-01020"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:26:47.290000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Update index.php",
            "trust": 0.8,
            "url": "https://github.com/delta/pragyan/commit/c93bc100ec93fc78940fbdca9b6b009101858309"
          },
          {
            "title": "SQL injection vulnerability in Pragyan CMS v.3 #206",
            "trust": 0.8,
            "url": "https://github.com/delta/pragyan/issues/206"
          },
          {
            "title": "index.php",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53837"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-274"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001494"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1471"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://sroesemann.blogspot.de/2015/02/advisory-for-sroeadv-2015-11.html"
          },
          {
            "trust": 1.6,
            "url": "http://sroesemann.blogspot.de/2015/01/sroeadv-2015-11.html"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/delta/pragyan/issues/206"
          },
          {
            "trust": 1.6,
            "url": "http://seclists.org/fulldisclosure/2015/feb/18"
          },
          {
            "trust": 1.6,
            "url": "http://pastebin.com/ip2ggyus"
          },
          {
            "trust": 1.6,
            "url": "http://seclists.org/oss-sec/2015/q1/402"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/delta/pragyan/commit/c93bc100ec93fc78940fbdca9b6b009101858309"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1471"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1471"
          },
          {
            "trust": 0.6,
            "url": "http://www.exploit-db.com/exploits/35991/"
          },
          {
            "trust": 0.3,
            "url": "https://github.com/delta/pragyan "
          },
          {
            "trust": 0.3,
            "url": "https://github.com/delta/pragyan/issues/206  "
          },
          {
            "trust": 0.3,
            "url": "http://sroesemann.blogspot.de/2015/01/sroeadv-2015-11.html "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-01020"
          },
          {
            "db": "BID",
            "id": "72637"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-274"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1471"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-01020"
          },
          {
            "db": "BID",
            "id": "72637"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-274"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-1471"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-02-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-01020"
          },
          {
            "date": "2015-01-19T00:00:00",
            "db": "BID",
            "id": "72637"
          },
          {
            "date": "2015-02-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-001494"
          },
          {
            "date": "2015-02-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201502-274"
          },
          {
            "date": "2015-02-12T16:59:05.050000",
            "db": "NVD",
            "id": "CVE-2015-1471"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-02-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-01020"
          },
          {
            "date": "2015-01-19T00:00:00",
            "db": "BID",
            "id": "72637"
          },
          {
            "date": "2015-02-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-001494"
          },
          {
            "date": "2015-02-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201502-274"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-1471"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-274"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Pragyan CMS SQL Injection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-01020"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-274"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-274"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201301-0177

    Vulnerability from variot - Updated: 2025-04-11 23:04

    Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php. That is, arbitrary files may be read via a fileget parameter that contains .. (dot dot). Pragyan CMS is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view local files in the context of the webserver process, which may aid in further attacks. Pragyan CMS 3.0 is vulnerable; other versions may also be affected.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201301-0177",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pragyan cms",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "pragyan cms",
            "version": "3.0"
          },
          {
            "model": "pragyan cms",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "pragyan cms",
            "version": "2.5.12"
          },
          {
            "model": "pragyan cms",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "pragyan cms",
            "version": "2.5.4"
          },
          {
            "model": "pragyan cms",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "pragyan cms",
            "version": "2.6.3"
          },
          {
            "model": "pragyan cms",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "pragyan cms",
            "version": "2.6.2"
          },
          {
            "model": "pragyan cms",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "pragyan cms",
            "version": "2.5.9"
          },
          {
            "model": "pragyan cms",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "pragyan cms",
            "version": "2.5.13"
          },
          {
            "model": "pragyan cms",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "pragyan cms",
            "version": "2.5.14"
          },
          {
            "model": "pragyan cms",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "pragyan cms",
            "version": "2.6.1"
          },
          {
            "model": "pragyan cms",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "pragyan cms",
            "version": "2.6.4"
          },
          {
            "model": "pragyan cms",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "pragyan cms",
            "version": "3.0"
          },
          {
            "model": "cms pragyan cms",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pragyan",
            "version": "3.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "51360"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001090"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-118"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6500"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:pragyan_cms_project:pragyan_cms",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001090"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Or4nG.M4N",
        "sources": [
          {
            "db": "BID",
            "id": "51360"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-118"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2012-6500",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2012-6500",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2012-6500",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2012-6500",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201201-118",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001090"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-118"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6500"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php. ( Dot dot ) including fileget Arbitrary files may be read via parameters. Pragyan CMS is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker can exploit this vulnerability to view local files in the context of the webserver process, which may aid in further attacks. \nPragyan CMS 3.0 is vulnerable; other versions may also be affected",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-6500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001090"
          },
          {
            "db": "BID",
            "id": "51360"
          }
        ],
        "trust": 1.89
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-6500",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "51360",
            "trust": 1.9
          },
          {
            "db": "OSVDB",
            "id": "82585",
            "trust": 1.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "18347",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001090",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-118",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "51360"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001090"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-118"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6500"
          }
        ]
      },
      "id": "VAR-201301-0177",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.2991453
      },
      "last_update_date": "2025-04-11T23:04:06.574000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Pragyan CMS",
            "trust": 0.8,
            "url": "http://sourceforge.net/projects/pragyan"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001090"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001090"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6500"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/51360"
          },
          {
            "trust": 1.6,
            "url": "http://www.osvdb.org/82585"
          },
          {
            "trust": 1.6,
            "url": "http://www.exploit-db.com/exploits/18347"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6500"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6500"
          },
          {
            "trust": 0.3,
            "url": "http://sourceforge.net/projects/pragyan/"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "51360"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001090"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-118"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6500"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "51360"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001090"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-118"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-6500"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-01-10T00:00:00",
            "db": "BID",
            "id": "51360"
          },
          {
            "date": "2013-01-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-001090"
          },
          {
            "date": "1900-01-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201201-118"
          },
          {
            "date": "2013-01-12T04:33:49.243000",
            "db": "NVD",
            "id": "CVE-2012-6500"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-01-10T00:00:00",
            "db": "BID",
            "id": "51360"
          },
          {
            "date": "2013-01-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-001090"
          },
          {
            "date": "2013-01-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201201-118"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2012-6500"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-118"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Pragyan CMS of  download.lib.php Vulnerable to directory traversal",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001090"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-118"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200904-0554

    Vulnerability from variot - Updated: 2025-04-10 23:12

    SQL injection vulnerability in index.php in Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors. Pragyan CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Pragyan CMS 2.6.4 is vulnerable; other versions may also be affected.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0554",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pragyan cms",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "pragyan cms",
            "version": "2.6.4"
          },
          {
            "model": "cms pragyan cms",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pragyan",
            "version": "2.6.4"
          },
          {
            "model": "cms pragyan cms",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pragyan",
            "version": "2.6.2"
          },
          {
            "model": "cms pragyan cms",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "pragyan",
            "version": "3.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "34707"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-005973"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200904-543"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-1480"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:pragyan_cms_project:pragyan_cms",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-005973"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Salvatore \"drosophila\" Fresta",
        "sources": [
          {
            "db": "BID",
            "id": "34707"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200904-543"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2009-1480",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2009-1480",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2009-1480",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2009-1480",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200904-543",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-005973"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200904-543"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-1480"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors. Pragyan CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. \nExploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nPragyan CMS 2.6.4 is vulnerable; other versions may also be affected",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2009-1480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-005973"
          },
          {
            "db": "BID",
            "id": "34707"
          }
        ],
        "trust": 1.89
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2009-1480",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "34707",
            "trust": 1.9
          },
          {
            "db": "EXPLOIT-DB",
            "id": "8533",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-005973",
            "trust": 0.8
          },
          {
            "db": "BUGTRAQ",
            "id": "20090424 PRAGYAN CMS 2.6.4 MULTIPLE SQL INJECTION VULNERABILITIES",
            "trust": 0.6
          },
          {
            "db": "MILW0RM",
            "id": "8533",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200904-543",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "34707"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-005973"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200904-543"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-1480"
          }
        ]
      },
      "id": "VAR-200904-0554",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.2991453
      },
      "last_update_date": "2025-04-10T23:12:54.442000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Pragyan CMS",
            "trust": 0.8,
            "url": "http://sourceforge.net/projects/pragyan/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-005973"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-005973"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-1480"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/34707"
          },
          {
            "trust": 1.0,
            "url": "https://www.exploit-db.com/exploits/8533"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/502933/100/0/threaded"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1480"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1480"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/502933/100/0/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://www.milw0rm.com/exploits/8533"
          },
          {
            "trust": 0.3,
            "url": "http://sourceforge.net/projects/pragyan/"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/502933"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/512953"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "34707"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-005973"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200904-543"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-1480"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "34707"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-005973"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200904-543"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-1480"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2009-04-24T00:00:00",
            "db": "BID",
            "id": "34707"
          },
          {
            "date": "2012-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2009-005973"
          },
          {
            "date": "2009-04-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200904-543"
          },
          {
            "date": "2009-04-29T18:30:00.327000",
            "db": "NVD",
            "id": "CVE-2009-1480"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2010-08-09T16:15:00",
            "db": "BID",
            "id": "34707"
          },
          {
            "date": "2012-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2009-005973"
          },
          {
            "date": "2009-04-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200904-543"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2009-1480"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200904-543"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "index.php Pragyan CMS In  SQL Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-005973"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200904-543"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-190001-0681

    Vulnerability from variot - Updated: 2022-05-17 02:12

    Pragyan CMS is prone to an arbitrary-file-upload vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application. Pragyan CMS 2.6.1 is affected; other versions may also be affected.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-190001-0681",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cms pragyan cms",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pragyan",
            "version": "2.6.1"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "51415"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dr.KroOoZ",
        "sources": [
          {
            "db": "BID",
            "id": "51415"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-171"
          }
        ],
        "trust": 0.9
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Pragyan CMS is prone to an arbitrary-file-upload vulnerability because it fails to properly sanitize user-supplied input.\nAn attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.\nPragyan CMS  2.6.1 is available; other versions may also be affected.",
        "sources": [
          {
            "db": "BID",
            "id": "51415"
          }
        ],
        "trust": 0.3
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "51415",
            "trust": 0.9
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-171",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "51415"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-171"
          }
        ]
      },
      "id": "VAR-190001-0681",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.2991453
      },
      "last_update_date": "2022-05-17T02:12:13.688000Z",
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/51415"
          },
          {
            "trust": 0.3,
            "url": "http://sourceforge.net/projects/pragyan/"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "51415"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-171"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "51415"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-171"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-01-13T00:00:00",
            "db": "BID",
            "id": "51415"
          },
          {
            "date": "1900-01-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201201-171"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-01-13T00:00:00",
            "db": "BID",
            "id": "51415"
          },
          {
            "date": "2012-01-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201201-171"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-171"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Pragyan CMS \u2018 frmupload.html \u2019 Any file upload vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201201-171"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input Validation Error",
        "sources": [
          {
            "db": "BID",
            "id": "51415"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-201102-0502

    Vulnerability from variot - Updated: 2022-05-17 02:09

    Pragyan CMS is prone to an SQL-injection vulnerability and a code-execution vulnerability because it fails to sufficiently sanitize user-supplied data. Successfully exploiting these issues may allow an attacker to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or execute arbitrary PHP code in the context of the application. Pragyan CMS 3.0 rev 274 is vulnerable; other versions may be affected.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201102-0502",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cms pragyan cms rev",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pragyan",
            "version": "3.0274"
          },
          {
            "model": "cms pragyan cms",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pragyan",
            "version": "3.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "46573"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Abhishek Lyall",
        "sources": [
          {
            "db": "BID",
            "id": "46573"
          }
        ],
        "trust": 0.3
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Pragyan CMS is prone to an SQL-injection vulnerability and a code-execution vulnerability because it fails to  sufficiently sanitize user-supplied data.\nSuccessfully exploiting these issues may allow an attacker to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or execute arbitrary PHP code in the context of the application.\nPragyan CMS 3.0 rev 274 is vulnerable; other versions may be affected.",
        "sources": [
          {
            "db": "BID",
            "id": "46573"
          }
        ],
        "trust": 0.3
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "46573",
            "trust": 0.3
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "46573"
          }
        ]
      },
      "id": "VAR-201102-0502",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.2991453
      },
      "last_update_date": "2022-05-17T02:09:59.805000Z",
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 0.3,
            "url": "http://bugix-security.blogspot.com/2011/02/pragyan-cms-multipy-vulnerabilities.html"
          },
          {
            "trust": 0.3,
            "url": "http://sourceforge.net/projects/pragyan/"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "46573"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "46573"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-02-25T00:00:00",
            "db": "BID",
            "id": "46573"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-02-25T00:00:00",
            "db": "BID",
            "id": "46573"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "46573"
          }
        ],
        "trust": 0.3
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Pragyan CMS SQL Injection and PHP Code Execution Vulnerabilities",
        "sources": [
          {
            "db": "BID",
            "id": "46573"
          }
        ],
        "trust": 0.3
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input Validation Error",
        "sources": [
          {
            "db": "BID",
            "id": "46573"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-201402-0567

    Vulnerability from variot - Updated: 2022-05-17 02:00

    Pragyan CMS is a content management system.

    Pragyan CMS has a SQL injection vulnerability. Because the index.php script fails to properly filter user-supplied input to the "page" parameter, remote attackers can inject or manipulate SQL queries and leak information from the back-end database.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201402-0567",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cms pragyan cms",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "pragyan",
            "version": "3.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01218"
          }
        ]
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-01218",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "CNVD",
                "id": "CNVD-2014-01218",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01218"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Pragyan CMS is a content management system.\n\nPragyan CMS has a SQL injection vulnerability. Because the index.php script fails to properly filter the user-supplied input to the \"page\" parameter, it allows remote attackers to inject, manipulate SQL queries and leak information in the back-end database.",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01218"
          }
        ],
        "trust": 0.6
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "OSVDB",
            "id": "102859",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01218",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01218"
          }
        ]
      },
      "id": "VAR-201402-0567",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01218"
          }
        ],
        "trust": 0.8991453
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01218"
          }
        ]
      },
      "last_update_date": "2022-05-17T02:00:02.614000Z",
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 0.6,
            "url": "http://osvdb.org/show/osvdb/102859"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01218"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01218"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-02-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-01218"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-02-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-01218"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Pragyan CMS \u0027index.php\u0027 page parameter SQL injection vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01218"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2008-3207 (GCVE-0-2008-3207)

    Vulnerability from nvd – Published: 2008-07-18 15:00 – Updated: 2024-08-07 09:28
    Summary
    PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) sourceFolder or (2) moduleFolder parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/30235 vdb-entry, x_refsource_BID
    https://www.exploit-db.com/exploits/6078 exploit, x_refsource_EXPLOIT-DB
    http://securityreason.com/securityalert/4010 third-party-advisory, x_refsource_SREASON
    https://exchange.xforce.ibmcloud.com/vulnerabilities/43777 vdb-entry, x_refsource_XF
    http://secunia.com/advisories/31101 third-party-advisory, x_refsource_SECUNIA
    Date Public
    2008-07-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:28:41.923Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "30235",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30235"
              },
              {
                "name": "6078",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/6078"
              },
              {
                "name": "4010",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4010"
              },
              {
                "name": "pragyan-sourcefolder-file-include(43777)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43777"
              },
              {
                "name": "31101",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31101"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) sourceFolder or (2) moduleFolder parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "30235",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30235"
            },
            {
              "name": "6078",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/6078"
            },
            {
              "name": "4010",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4010"
            },
            {
              "name": "pragyan-sourcefolder-file-include(43777)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43777"
            },
            {
              "name": "31101",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31101"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3207",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) sourceFolder or (2) moduleFolder parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "30235",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30235"
                },
                {
                  "name": "6078",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/6078"
                },
                {
                  "name": "4010",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4010"
                },
                {
                  "name": "pragyan-sourcefolder-file-include(43777)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43777"
                },
                {
                  "name": "31101",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31101"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3207",
        "datePublished": "2008-07-18T15:00:00.000Z",
        "dateReserved": "2008-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:28:41.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3207 (GCVE-0-2008-3207)

    Vulnerability from cvelistv5 – Published: 2008-07-18 15:00 – Updated: 2024-08-07 09:28
    Summary
    PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) sourceFolder or (2) moduleFolder parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/30235 vdb-entry, x_refsource_BID
    https://www.exploit-db.com/exploits/6078 exploit, x_refsource_EXPLOIT-DB
    http://securityreason.com/securityalert/4010 third-party-advisory, x_refsource_SREASON
    https://exchange.xforce.ibmcloud.com/vulnerabilities/43777 vdb-entry, x_refsource_XF
    http://secunia.com/advisories/31101 third-party-advisory, x_refsource_SECUNIA
    Date Public
    2008-07-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:28:41.923Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "30235",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30235"
              },
              {
                "name": "6078",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/6078"
              },
              {
                "name": "4010",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4010"
              },
              {
                "name": "pragyan-sourcefolder-file-include(43777)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43777"
              },
              {
                "name": "31101",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31101"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) sourceFolder or (2) moduleFolder parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "30235",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30235"
            },
            {
              "name": "6078",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/6078"
            },
            {
              "name": "4010",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4010"
            },
            {
              "name": "pragyan-sourcefolder-file-include(43777)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43777"
            },
            {
              "name": "31101",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31101"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3207",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) sourceFolder or (2) moduleFolder parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "30235",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30235"
                },
                {
                  "name": "6078",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/6078"
                },
                {
                  "name": "4010",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4010"
                },
                {
                  "name": "pragyan-sourcefolder-file-include(43777)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43777"
                },
                {
                  "name": "31101",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31101"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3207",
        "datePublished": "2008-07-18T15:00:00.000Z",
        "dateReserved": "2008-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:28:41.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }