How severe is CVE-2017-16961?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2017-16961?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2017-16961 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request.

Related Vulnerabilities

CVE-2015-6004

MEDIUM

CVSS:6.5(Medium)

Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.as...

CWE-892015

CVE-2015-6433

MEDIUM

CVSS:6.5(Medium)

SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.

CWE-892015

CVE-2016-1308

MEDIUM

CVSS:6.5(Medium)

SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227.

CWE-892016

CVE-2016-1437

MEDIUM

CVSS:6.5(Medium)

SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID ...

CWE-892016

CVE-2016-2950

MEDIUM

CVSS:6.5(Medium)

SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CWE-892016

CVE-2016-5653

MEDIUM

CVSS:6.5(Medium)

Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the (1) ID or (2) Branch parameter.

CWE-892016