VDB-218006 · CVE-2017-20168 · ID 23

jfm-so piWallet api.php key Enlakaat SQL

Un draenvezh a zo bet merzet evel kritikel e jfm-so piWallet. Toc'hor eo ur fonksion dianav eus ar restr api.php. Arverañ an arguzenn key a lak da c'hoarvezout Enlakaat SQL. Ober gant CWE evit diskouez ar gudenn a gas da CWE-89. An disterder-mañ zo bet embannet 11/01/2023 dindan 23. An aliadenn a vez rannet evit bezañ pellgarget war github.com. Ar gwallzarvoud-mañ a vez menegeret evel CVE-2017-20168. Ret eo bezañ war ar rouedad lec'hel evit ma c'hallo an dagadenn-se bezañ sevenet. Gallout a reer kaout titouroù teknikel. N'eus ket a implijadenn hegerz. Hiziv an deiz eo priz an exploit might be approx. USD $0-$5k evit ar mare-mañ. Merket eo evel n'eo ket termenet. Ar patch a zo prest evit pellgargañ war github.com. Kinniget eo lakaat ur patche evit rannañ an dra-se. If you want to get best quality of vulnerability data, you may have to visit VulDB.

3 Daskemmoù · 72 Poentoù roadennoù

Maez	Krouet 11/01/2023 15:59	Hizivadur 1/2 01/02/2023 16:40	Hizivadur 2/2 01/02/2023 16:47
software_vendor	jfm-so	jfm-so	jfm-so
software_name	piWallet	piWallet	piWallet
software_file	api.php	api.php	api.php
software_argument	key	key	key
vulnerability_cwe	CWE-89 (Enlakaat SQL)	CWE-89 (Enlakaat SQL)	CWE-89 (Enlakaat SQL)
vulnerability_risk	2	2	2
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
advisory_identifier	23	23	23
advisory_url	https://github.com/jfm-so/piWallet/pull/23	https://github.com/jfm-so/piWallet/pull/23	https://github.com/jfm-so/piWallet/pull/23
countermeasure_name	Pazh	Pazh	Pazh
patch_name	b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb	b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb	b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb
countermeasure_patch_url	https://github.com/jfm-so/piWallet/commit/b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb	https://github.com/jfm-so/piWallet/commit/b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb	https://github.com/jfm-so/piWallet/commit/b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb
countermeasure_advisoryquote	Fixed SQL Injection Issues	Fixed SQL Injection Issues	Fixed SQL Injection Issues
source_cve	CVE-2017-20168	CVE-2017-20168	CVE-2017-20168
cna_responsible	VulDB	VulDB	VulDB
advisory_date	1673391600 (11/01/2023)	1673391600 (11/01/2023)	1673391600 (11/01/2023)
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_av	A	A	A
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_av	A	A	A
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	5.2	5.2	5.2
cvss2_vuldb_tempscore	4.5	4.5	4.5
cvss3_vuldb_basescore	5.5	5.5	5.5
cvss3_vuldb_tempscore	5.3	5.3	5.3
cvss3_meta_basescore	5.5	5.5	6.9
cvss3_meta_tempscore	5.3	5.3	6.9
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1673391600 (11/01/2023)	1673391600 (11/01/2023)
cve_nvd_summary		A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The name of the patch is b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix this issue. VDB-218006 is the identifier assigned to this vulnerability.	A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The name of the patch is b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix this issue. VDB-218006 is the identifier assigned to this vulnerability.
cve_cna			VulDB
cvss2_nvd_basescore			5.2
cvss3_nvd_basescore			9.8
cvss3_cna_basescore			5.5
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			A
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss3_cna_av			A
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L

◂ Distreiñ Alc'hwezerezh Kenderc'hel ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!