Posted by Steffen Rösemann on Jan 06
Advisory: SQL-Injection in administrative Backend of Sefrengo CMS v.1.6.0
Advisory ID: SROEADV-2015-04
Author: Steffen Rösemann
Affected Software: CMS Sefrengo v.1.6.0 (Release-Date: 18th-Feb-2014)
Vendor URL: http://www.sefrengo.org/start/start.html
Vendor Status: fixed
CVE-ID: –
==========================
Vulnerability Description:
==========================
The Content Management System Sefrengo v.1.6.0 contains SQL-Injection…