CVE-2015-5617

9.8 CRITICAL

📋 TL;DR

This CVE describes a SQL injection vulnerability in Enorth Webpublisher CMS that allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter in the delete_pending_news.jsp file. Attackers can potentially read, modify, or delete database content, and in worst cases achieve remote code execution. Any organization running Enorth Webpublisher CMS with the vulnerable component exposed is affected.

💻 Affected Systems

Products:
  • Enorth Webpublisher CMS
Versions: All versions prior to patch (specific version unknown)
Operating Systems: Any OS running Java web applications
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the default installation path /pub/m_pending_news/delete_pending_news.jsp

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise including remote code execution, data exfiltration, and persistent backdoor installation

🟠 Likely Case: Database compromise leading to data theft, privilege escalation, and potential lateral movement within the network

🟢 If Mitigated: Limited impact with proper input validation and database permissions restricting damage to non-critical data

🌐 Internet-Facing: HIGH - The vulnerable JSP file is typically accessible via web interface without authentication
🏢 Internal Only: MEDIUM - Still significant risk if internal users can access the vulnerable endpoint

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple SQL injection via GET parameter with public exploit code available since 2015

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No vendor advisory found

Restart Required: No

Instructions:

No official patch available. Apply input validation and parameterized queries to the vulnerable JSP file.

🔧 Temporary Workarounds

Input Validation Filter (platform: all)

Add input validation to sanitize the cbNewsId parameter before SQL execution.

Modify delete_pending_news.jsp to validate that cbNewsId contains only numeric characters.

Web Application Firewall Rule (platform: all)

Block SQL injection patterns targeting the vulnerable endpoint.

WAF rule: Block requests to /pub/m_pending_news/delete_pending_news.jsp containing SQL keywords in parameters

🧯 If You Can't Patch

  • Block access to /pub/m_pending_news/delete_pending_news.jsp at the network perimeter
  • Run the application with a database user that has minimal privileges

🔍 How to Verify

Check if Vulnerable:

Test by accessing http://[target]/pub/m_pending_news/delete_pending_news.jsp?cbNewsId=1' OR '1'='1 and checking for SQL errors

Check Version:

Check CMS version through admin interface or configuration files

Verify Fix Applied:

Attempt SQL injection payloads and verify they are rejected or sanitized

📡 Detection & Monitoring

Log Indicators:

  • SQL error messages in web logs
  • Multiple requests to delete_pending_news.jsp with SQL keywords

Network Indicators:

  • HTTP requests containing SQL injection patterns targeting the vulnerable endpoint

SIEM Query:

source="web_logs" AND uri="/pub/m_pending_news/delete_pending_news.jsp" AND (param="cbNewsId" AND value MATCH "[';]|(OR|AND|SELECT|UNION)")
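The log indicators above can be checked offline with an allow-list instead of a keyword match: any cbNewsId value that is not purely numeric is flagged. This is an added example, not code from the vendor or from this advisory; it assumes common/combined-format access logs, and the function name and sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/pub/m_pending_news/delete_pending_news.jsp"  # path from the advisory
PARAM = "cbNewsId"                                        # parameter from the advisory

# Request field of a common/combined-format access log line. The target is
# matched lazily so a raw, unencoded space inside the query does not hide it.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>.*?) HTTP/[\d.]+" (?P<status>\d{3})'
)
NUMERIC = re.compile(r"[0-9]+")  # assumption: a legitimate ID is ASCII digits only


def suspicious_requests(lines):
    """Return (client_ip, http_status, offending_values) per flagged request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        # Decode the path and drop ";jsessionid=..." style path parameters.
        path = unquote(url.path).split(";")[0]
        if path != ENDPOINT:
            continue
        # parse_qs percent-decodes values and keeps repeated parameters.
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        bad = [v for v in values if not NUMERIC.fullmatch(v)]
        if bad:
            hits.append((m.group("ip"), int(m.group("status")), bad))
    return hits


# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /pub/m_pending_news/delete_pending_news.jsp?cbNewsId=4711 HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Mar/2024:10:03:44 +0000] "GET /pub/m_pending_news/delete_pending_news.jsp?cbNewsId=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 1034',
    '192.0.2.10 - - [12/Mar/2024:10:04:10 +0000] "GET /pub/m_pending_news/delete_pending_news.jsp?cbNewsId=12&cbNewsId=13 HTTP/1.1" 200 498',
    '192.0.2.10 - - [12/Mar/2024:10:05:31 +0000] "GET /index.jsp?q=select+news HTTP/1.1" 200 2210',
    '203.0.113.5 - - [12/Mar/2024:10:06:02 +0000] "GET /pub/m_pending_news/delete_pending_news.jsp;jsessionid=ABC?cbNewsId=7%3B HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for ip, status, bad in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} {PARAM}={bad!r}")
```

Flagged requests that returned a 5xx status line up with the "SQL error messages in web logs" indicator and are the ones to triage first.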
