Unrated severityNVD Advisory· Published Jan 8, 2015· Updated May 6, 2026

CVE-2015-0919

Description

Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.

Affected products

Sefrengo/Sefrengo
cpe:2.3:a:sefrengo:sefrengo:*:*:*:*:*:*:*:*
Range: <=1.6.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/129824/Sefrengo-CMS-1.6.0-SQL-Injection.htmlnvdExploit
seclists.org/fulldisclosure/2015/Jan/9nvdExploit
sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-04.htmlnvdExploit
forum.sefrengo.org/index.phpnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000