VYPR
High severity7.5NVD Advisory· Published Jun 1, 2020· Updated Jun 17, 2026

CVE-2014-9702

CVE-2014-9702

Description

system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request.

Affected products

2
  • Cmfive/Cmfivedescription
  • Cmfive/Cmfivellm-fuzzy
    Range: <=2015-03-15

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.