Details of VAR-201502-0061

ID

VAR-201502-0061

CVE

CVE-2015-1513

TITLE

SIPhone Enterprise PBX SQL Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-01002 // CNNVD: CNNVD-201502-128

DESCRIPTION

SQL injection vulnerability in SIPhone Enterprise PBX allows remote attackers to execute arbitrary SQL commands via the Username. SIPhone Enterprise PBX is an enterprise-class switch product

Trust: 2.16

sources: NVD: CVE-2015-1513 // JVNDB: JVNDB-2015-001462 // CNVD: CNVD-2015-01002

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-01002

AFFECTED PRODUCTS

vendor:	siphon	model:	siphone enterprise pbx	scope:	eq	version:	-	Trust: 1.6
vendor:	siphone	model:	enterprise pbx	scope:	-	version:	-	Trust: 0.8
vendor:	bellbridge	model:	s.r.o. siphone enterprise pbx	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2015-01002 // JVNDB: JVNDB-2015-001462 // CNNVD: CNNVD-201502-128 // NVD: CVE-2015-1513

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-1513
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-1513
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-01002
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201502-128
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2015-1513
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-01002
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2015-01002 // JVNDB: JVNDB-2015-001462 // CNNVD: CNNVD-201502-128 // NVD: CVE-2015-1513

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.8

sources: JVNDB: JVNDB-2015-001462 // NVD: CVE-2015-1513

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-128

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201502-128

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001462

EXTERNAL IDS

db:	NVD	id:	CVE-2015-1513	Trust: 3.0
db:	PACKETSTORM	id:	130194	Trust: 2.2
db:	XF	id:	100582	Trust: 2.0
db:	JVNDB	id:	JVNDB-2015-001462	Trust: 0.8
db:	CNVD	id:	CNVD-2015-01002	Trust: 0.6
db:	CNNVD	id:	CNNVD-201502-128	Trust: 0.6

sources: CNVD: CNVD-2015-01002 // JVNDB: JVNDB-2015-001462 // CNNVD: CNNVD-201502-128 // NVD: CVE-2015-1513

REFERENCES

url:	http://packetstormsecurity.com/files/130194/siphone-enterprise-pbx-sql-injection.html	Trust: 2.2
url:	http://xforce.iss.net/xforce/xfdb/100582	Trust: 2.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/100582	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1513	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1513	Trust: 0.8

sources: CNVD: CNVD-2015-01002 // JVNDB: JVNDB-2015-001462 // CNNVD: CNNVD-201502-128 // NVD: CVE-2015-1513

SOURCES

db:	CNVD	id:	CNVD-2015-01002
db:	JVNDB	id:	JVNDB-2015-001462
db:	CNNVD	id:	CNNVD-201502-128
db:	NVD	id:	CVE-2015-1513

LAST UPDATE DATE

2025-04-12T23:31:28.189000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-01002	date:	2015-02-11T00:00:00
db:	JVNDB	id:	JVNDB-2015-001462	date:	2015-02-16T00:00:00
db:	CNNVD	id:	CNNVD-201502-128	date:	2015-02-09T00:00:00
db:	NVD	id:	CVE-2015-1513	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-01002	date:	2015-02-11T00:00:00
db:	JVNDB	id:	JVNDB-2015-001462	date:	2015-02-16T00:00:00
db:	CNNVD	id:	CNNVD-201502-128	date:	2015-02-09T00:00:00
db:	NVD	id:	CVE-2015-1513	date:	2015-02-06T15:59:18.367