VDB-218006 · CVE-2017-20168 · ID 23

jfm-so piWallet api.php key SQL Injection

Hakika vulnerability da aka rarraba a matsayin kura an gano a jfm-so piWallet. Tabbas, aikin $software_function ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil api.php, a cikin sashi $software_component. Wuro manipulation of the argument key ga SQL Injection. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-89. Lalle, rauni an sanar da shi 01/11/2023 da 23. Ana samun bayanin tsaro don saukewa a github.com. Ana kiran wannan rauni da CVE-2017-20168. Wannan hari ba zai yi nasara ba sai an samu damar shiga local network. Bayani na fasaha ga. Babu wani exploit da ake da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á yí a wondi feere. 0-day ga, an ndiyam a wuro be $0-$5k. Patch ɗin an san shi da b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. Za a iya sauke maganin matsalar daga github.com. Ya kamata a yi amfani da patch don magance wannan matsala. If you want to get best quality of vulnerability data, you may have to visit VulDB.

3 Goyarwa · 72 Datenpunkte

Furɗe	Súgá 01/11/2023 15:59	Gargadi 1/2 02/01/2023 16:40	Gargadi 2/2 02/01/2023 16:47
software_vendor	jfm-so	jfm-so	jfm-so
software_name	piWallet	piWallet	piWallet
software_file	api.php	api.php	api.php
software_argument	key	key	key
vulnerability_cwe	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)
vulnerability_risk	2	2	2
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
advisory_identifier	23	23	23
advisory_url	https://github.com/jfm-so/piWallet/pull/23	https://github.com/jfm-so/piWallet/pull/23	https://github.com/jfm-so/piWallet/pull/23
countermeasure_name	Kari	Kari	Kari
patch_name	b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb	b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb	b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb
countermeasure_patch_url	https://github.com/jfm-so/piWallet/commit/b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb	https://github.com/jfm-so/piWallet/commit/b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb	https://github.com/jfm-so/piWallet/commit/b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb
countermeasure_advisoryquote	Fixed SQL Injection Issues	Fixed SQL Injection Issues	Fixed SQL Injection Issues
source_cve	CVE-2017-20168	CVE-2017-20168	CVE-2017-20168
cna_responsible	VulDB	VulDB	VulDB
advisory_date	1673391600 (01/11/2023)	1673391600 (01/11/2023)	1673391600 (01/11/2023)
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_av	A	A	A
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_av	A	A	A
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	5.2	5.2	5.2
cvss2_vuldb_tempscore	4.5	4.5	4.5
cvss3_vuldb_basescore	5.5	5.5	5.5
cvss3_vuldb_tempscore	5.3	5.3	5.3
cvss3_meta_basescore	5.5	5.5	6.9
cvss3_meta_tempscore	5.3	5.3	6.9
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1673391600 (01/11/2023)	1673391600 (01/11/2023)
cve_nvd_summary		A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The name of the patch is b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix this issue. VDB-218006 is the identifier assigned to this vulnerability.	A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The name of the patch is b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix this issue. VDB-218006 is the identifier assigned to this vulnerability.
cve_cna			VulDB
cvss2_nvd_basescore			5.2
cvss3_nvd_basescore			9.8
cvss3_cna_basescore			5.5
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			A
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss3_cna_av			A
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L

◂ Gurɗo Gumti Gada ▸

Might our Artificial Intelligence support you?

Check our Alexa App!