CVE-2014-5387

Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php.

  • Published: Nov 4, 2014
  • Updated: Apr 13, 2023
  • CVE: CVE-2014-5387
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software                             From                  Fixed in
expressionengine / expressionengine  2.2.1                 2.2.1.x
ellislab / expressionengine          2.3.1                 2.3.1.x
ellislab / expressionengine          2.0.1-public_beta     2.0.1-public_beta.x
ellislab / expressionengine          2.0.2-public_beta     2.0.2-public_beta.x
expressionengine / expressionengine  2.1.4                 2.1.4.x
expressionengine / expressionengine  2.5.3                 2.5.3.x
expressionengine / expressionengine  2.2.2                 2.2.2.x
expressionengine / expressionengine  2.1.5                 2.1.5.x
expressionengine / expressionengine  2.5.2                 2.5.2.x
ellislab / expressionengine          2.6.1                 2.6.1.x
expressionengine / expressionengine  2.3.0                 2.3.0.x
expressionengine / expressionengine  2.1.1                 2.1.1.x
expressionengine / expressionengine  2.8.0                 2.8.0.x
ellislab / expressionengine          2.5.5                 2.5.5.x
ellislab / expressionengine          2.8.1                 2.8.1.x
ellislab / expressionengine          2.7.1                 2.7.1.x
expressionengine / expressionengine  2.2.0                 2.2.0.x
expressionengine / expressionengine  2.4.0                 2.4.0.x
ellislab / expressionengine          2.0.0-public_beta     2.0.0-public_beta.x
ellislab / expressionengine          2.7.2                 2.7.2.x
expressionengine / expressionengine  2.1.2                 2.1.2.x
expressionengine / expressionengine  2.5.1                 2.5.1.x
expressionengine / expressionengine  2.7.0                 2.7.0.x
expressionengine / expressionengine  2.1.0                 2.1.0.x
ellislab / expressionengine          2..5.4                2..5.4.x
expressionengine / expressionengine  2.6.0                 2.6.0.x
expressionengine / expressionengine  2.7.3                 2.7.3.x
expressionengine / expressionengine  2.5.0                 2.5.0.x
expressionengine / expressionengine  2.1.3                 2.1.3.x
expressionengine / expressionengine  -                     2.9.0.x