High severity8.8NVD Advisory· Published Aug 24, 2017· Updated Jun 17, 2026
CVE-2015-8355
CVE-2015-8355
Description
Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php.
Affected products
2- Range: <2.1.3
Patches
Vulnerability mechanics
References
2- www.htbridge.com/advisory/HTB23280nvdExploitThird Party Advisory
- www.securityfocus.com/archive/1/537130/100/0/threadednvd
News mentions
0No linked articles in our index yet.