Multiple SQL Injection Vulnerabilities in Bitrix Orion Extfeedbackform Module

CVE-2015-8355 · MEDIUM Severity

AV:N/AC:L/Au:S/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php.
