CVE-2015-7567

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the password reset token parameter. Attackers can potentially read, modify, or delete database contents, and in some cases achieve remote code execution. Any organization running Yeager CMS 1.2.1 is affected.

💻 Affected Systems

Products:
  • Yeager CMS
Versions: 1.2.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the password reset functionality and is exploitable without authentication.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of the database leading to data theft, data destruction, and potential remote code execution on the underlying server.

🟠 Likely Case: Unauthorized access to sensitive data, user account compromise, and potential privilege escalation within the CMS.

🟢 If Mitigated: Limited impact with proper input validation and restricted database permissions; injection attempts would still appear in the logs.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public exploit scripts are available, making this easily exploitable by attackers with minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None

Vendor Advisory: None

Restart Required: No

Instructions:

No official patch exists. The only secure solution is to upgrade to a different CMS or implement custom fixes with proper input validation.

🔧 Temporary Workarounds

Input Validation Filter (Platform: all)

  • Implement server-side input validation to sanitize the passwordreset&token parameter
  • Modify the password reset handler to validate token format and escape SQL special characters

Web Application Firewall (Platform: all)

  • Deploy a WAF with SQL injection protection rules
  • Configure WAF to block SQL injection patterns in URL parameters
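The input-validation workaround above, written out as an added example (this is not Yeager CMS code, and the token format, table layout and function names are assumptions). It shows the two controls a hardened reset handler needs: a strict format check that rejects anything other than a 64-character hex token before it reaches the database, and a query that binds the token as a parameter instead of concatenating it into SQL, which removes the need to escape special characters by hand. Token expiry and single use are included because a reset handler should have them anyway.

```python
"""Hardened password-reset token lookup (added example; not Yeager CMS code)."""
import re
import secrets
import sqlite3
import time

# Assumption: reset tokens are 64 lowercase hex characters (secrets.token_hex(32)).
# Anything that does not match is rejected before any SQL runs.
TOKEN_RE = re.compile(r"\A[0-9a-f]{64}\Z")
TOKEN_TTL_SECONDS = 3600


class InvalidToken(ValueError):
    """Raised when a token fails format validation; the database is never queried."""


def validate_token_format(token):
    """Return the token unchanged if it is well-formed, else raise InvalidToken."""
    if not isinstance(token, str) or not TOKEN_RE.match(token):
        raise InvalidToken("reset token has unexpected format")
    return token


def open_demo_db():
    """Constructed in-memory schema standing in for the CMS user table (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL, "
        "reset_token TEXT, reset_expires INTEGER)"
    )
    conn.execute("INSERT INTO users (id, email) VALUES (1, 'alice@example.test')")
    conn.execute("INSERT INTO users (id, email) VALUES (2, 'bob@example.test')")
    conn.commit()
    return conn


def issue_reset_token(conn, user_id, now=None):
    """Generate a random token for the user and store it with an expiry time."""
    now = int(time.time()) if now is None else now
    token = secrets.token_hex(32)
    conn.execute(
        "UPDATE users SET reset_token = ?, reset_expires = ? WHERE id = ?",
        (token, now + TOKEN_TTL_SECONDS, user_id),
    )
    conn.commit()
    return token


def find_user_for_token(conn, token, now=None):
    """Return the user id for a well-formed, unexpired token, or None.

    The token is validated first and then bound as a query parameter, so the
    database driver, not string concatenation, decides how it is quoted.
    """
    now = int(time.time()) if now is None else now
    validate_token_format(token)
    row = conn.execute(
        "SELECT id FROM users WHERE reset_token = ? AND reset_expires > ?",
        (token, now),
    ).fetchone()
    return row[0] if row else None


def consume_reset_token(conn, token, now=None):
    """Resolve the token and invalidate it so it can only be used once."""
    user_id = find_user_for_token(conn, token, now)
    if user_id is None:
        return None
    conn.execute(
        "UPDATE users SET reset_token = NULL, reset_expires = NULL WHERE id = ?",
        (user_id,),
    )
    conn.commit()
    return user_id


def is_token_accepted(conn, token, now=None):
    """True only if the token is well-formed and maps to a live reset request."""
    try:
        return find_user_for_token(conn, token, now) is not None
    except InvalidToken:
        return False


if __name__ == "__main__":
    db = open_demo_db()
    good = issue_reset_token(db, 1, now=1000)
    print(is_token_accepted(db, good, now=1500))                      # True
    print(is_token_accepted(db, good, now=5000))                      # False: expired
    print(is_token_accepted(db, "deadbeef' UNION SELECT", now=1500))  # False: bad format
```

The format check is the cheap first line of defence and also makes a good log signal: any reset request that fails it is worth recording with the client address. The parameterised query is the actual fix for the defect class, and it is what a custom patch to the reset handler should use rather than escaping characters by hand.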

🧯 If You Can't Patch

  • Disable the password reset functionality entirely
  • Implement network segmentation to isolate the CMS from critical databases

🔍 How to Verify

Check if Vulnerable:

Check if running Yeager CMS version 1.2.1 by examining the CMS admin panel or source files

Check Version:

Check the CMS configuration files or admin interface for version information

Verify Fix Applied:

Test the password reset functionality with SQL injection payloads to ensure they are properly blocked

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed password reset attempts with suspicious parameters

Network Indicators:

  • HTTP requests to password reset endpoint containing SQL keywords like UNION, SELECT, or DROP

SIEM Query:

source="web_logs" AND (url="*passwordreset*" AND (param="*UNION*" OR param="*SELECT*" OR param="*DROP*"))
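The log and network indicators above, and the SIEM query, as a stand-alone added example that can be run over web server access logs when no SIEM is available (this is added code, not part of the original page or of Yeager CMS). It parses Apache combined-format lines, restricts itself to password-reset requests, URL-decodes each parameter value (a second time as well, to catch double encoding, which the plain SIEM wildcard match would miss) and reports the SQL keywords the page lists. The log lines, the `/index.php` path and the address values are constructed for the example.

```python
"""Flag password-reset requests carrying SQL keywords (added example, not page code)."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Keywords named in the page's network indicators and SIEM query.
SQL_KEYWORDS = ("UNION", "SELECT", "DROP")
KEYWORD_RE = re.compile(r"\b(" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)

# Apache combined log format: client, identity, user, [time], "request", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) '
)

# Constructed sample lines (not real traffic). The endpoint path is an assumption.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:09:14:02 +0000] "GET /index.php?passwordreset&token=a1b2c3d4e5f6a7b8 HTTP/1.1" 200 1874 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:09:14:09 +0000] "GET /index.php?passwordreset&token=a1b2%27%20UNION%20SELECT%20null HTTP/1.1" 500 0 "-" "Mozilla/5.0"
203.0.113.42 - - [12/Mar/2024:09:15:30 +0000] "GET /index.php?passwordreset&token=%2527%2520DROP%2520TABLE HTTP/1.1" 500 0 "-" "curl/8.4.0"
192.0.2.15 - - [12/Mar/2024:09:16:01 +0000] "GET /search.php?q=select+the+best+theme HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the fields we need from one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_password_reset(target):
    """True if the request path or query string refers to the password reset feature."""
    parts = urlsplit(target)
    return "passwordreset" in (parts.path + "?" + parts.query).lower()


def suspicious_params(target):
    """List (parameter, KEYWORD) pairs whose decoded value contains a listed SQL keyword."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # parse_qsl decoded once already; decode again to see through double encoding.
        decoded = unquote(value)
        m = KEYWORD_RE.search(decoded)
        if m:
            hits.append((name, m.group(1).upper()))
    return hits


def scan_log(text):
    """Scan log text and return one finding per suspicious parameter on reset requests."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_password_reset(rec["target"]):
            continue
        for name, keyword in suspicious_params(rec["target"]):
            findings.append({
                "ip": rec["ip"],
                "ts": rec["ts"],
                "status": rec["status"],
                "param": name,
                "keyword": keyword,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} param={f['param']} keyword={f['keyword']} status={f['status']}")
```

Scoping the match to reset requests is what keeps the rule quiet: the search request in the sample carries the word "select" and is correctly ignored. A status of 500 next to a flagged request is the "unusual SQL error" log indicator from the list above showing up in the access log, and is worth correlating with the application's error log for the same timestamp.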
