[Japanese]
|
JVNDB-2015-000081
|
MilkyStep vulnerable to SQL injection
|
MilkyStep provided by Igreks Inc. contains a SQL injection vulnerability.
MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a SQL injection vulnerability (CWE-89).
Kusano Kazuhiko reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
CVSS V2 Severity: Base Metrics 7.5 (High) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
Igreks Inc.
- MilkyStep Light Ver0.94 and earlier
- MilkyStep Professional Ver1.82 and earlier
- MilkyStep Professional OEM Ver1.82 and earlier
|
|
An attacker who can access the product may execute an arbitrary SQL command.
|
[Update the Software]
Update to the latest version according to the information provided by the developer.
|
Igreks Inc.
|
- SQL Injection(CWE-89) [IPA Evaluation]
|
- CVE-2015-2956
|
- JVN : JVN#52478686
- National Vulnerability Database (NVD) : CVE-2015-2956
- IPA SECURITY ALERTS : Security Alert for Vulnerability in MilkyStep (JVN#05559185)(JVN#52478686) (in Japanese)
|
- [2015/06/09]
Web page was published
[2015/06/16]
References : Content was added
|