CVE-2015-7570

Name: CVE-2015-7570
Creator: NVD / NIST
Published: 2017-04-24T18:59:00.35+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 6.03%

Last modified Jun 17, 2026

CVE-2015-7570 is a vulnerability of currently unknown severity. Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php.. EPSS estimates a 6.03% chance of exploitation in the next 30 days.

Description

Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php.

Metrics

EPSS Probability

6.03%

92.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-918

Affected Software

Vendor	Product	Versions
Yeager	Yeager Cms	1.2.1

References

http://packetstormsecurity.com/files/135716/Yeager-CMS-1.2.1-File-Upload-SQL-Injection-XSS-SSRF.htmlExploit, Patch, Third Party Advisory
http://seclists.org/fulldisclosure/2016/Feb/44Mailing List, Patch, Third Party Advisory
http://www.securityfocus.com/archive/1/537493/100/0/threaded
https://www.exploit-db.com/exploits/39436/Exploit, Patch, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/135716/Yeager-CMS-1.2.1-File-Upload-SQL-Injection-XSS-SSRF.htmlExploit, Patch, Third Party Advisory
http://seclists.org/fulldisclosure/2016/Feb/44Mailing List, Patch, Third Party Advisory
http://www.securityfocus.com/archive/1/537493/100/0/threaded
https://www.exploit-db.com/exploits/39436/Exploit, Patch, Third Party Advisory, VDB Entry

Timeline

Published: Apr 24, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-7570?

How severe is CVE-2015-7570?

Severity scoring for CVE-2015-7570 is pending analysis. The EPSS model estimates a 6.03% probability of exploitation in the next 30 days.

How do I fix CVE-2015-7570?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-7570?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST