CVE-2015-5647

The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:C/I:C/A:C
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
cybozugaroon
3.0.0
cybozugaroon
3.0.1
cybozugaroon
3.0.2
cybozugaroon
3.0.3
cybozugaroon
3.1.0
cybozugaroon
3.1.1
cybozugaroon
3.1.2
cybozugaroon
3.1.3
cybozugaroon
3.5.0
cybozugaroon
3.5.1
cybozugaroon
3.5.2
cybozugaroon
3.5.3
cybozugaroon
3.5.4
cybozugaroon
3.5.5
cybozugaroon
3.7.0
cybozugaroon
3.7.1
cybozugaroon
3.7.2
cybozugaroon
3.7.3
cybozugaroon
3.7.4
cybozugaroon
3.7.5
cybozugaroon
4.0.0
cybozugaroon
4.0.1
cybozugaroon
4.0.2
cybozugaroon
4.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN21025396/374951/index.html
http://jvn.jp/en/jp/JVN21025396/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000151
https://support.cybozu.com/ja-jp/article/8810
http://jvn.jp/en/jp/JVN21025396/374951/index.html
http://jvn.jp/en/jp/JVN21025396/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000151
https://support.cybozu.com/ja-jp/article/8810