mback2k mh_httpbl Extension up to 1.1.7 on TYPO3 mod1/index.php moduleContent SQL Injection

A vulnerability classified as critical was found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. Affected is the function moduleContent in the file mod1/index.php. The manipulation leads to SQL injection. Using CWE to declare the problem leads to CWE-89. The weakness was disclosed on 09/30/2015 as TYPO3-EXT-SA-2015-021. The advisory is available for download at typo3.org. This vulnerability is tracked as CVE-2015-10106. The attack can be launched remotely. Technical details are available. There is no exploit available. The price for an exploit might currently be approx. USD $0-$5k. Exploitability is declared as not defined. As a 0-day, the estimated price was $0-$5k. The name of the patch is 429f50f4e4795b20dae06735b41fb94f010722bf. The fix can be downloaded from github.com. It is recommended to upgrade the affected component. A possible mitigation was published 3 months after the disclosure of the vulnerability.

5 changes · 92 data points

| Field | Created 05/27/2023 10:02 | Update 1/4 05/31/2023 18:55 | Update 2/4 06/21/2023 13:24 | Update 3/4 06/21/2023 13:30 | Update 4/4 08/06/2024 11:40 |
|---|---|---|---|---|---|
| software_vendor | mback2k | mback2k | mback2k | mback2k | mback2k |
| software_name | mh_httpbl Extension | mh_httpbl Extension | mh_httpbl Extension | mh_httpbl Extension | mh_httpbl Extension |
| software_version | <=1.1.7 | <=1.1.7 | <=1.1.7 | <=1.1.7 | <=1.1.7 |
| software_platform | TYPO3 | TYPO3 | TYPO3 | TYPO3 | TYPO3 |
| software_file | mod1/index.php | mod1/index.php | mod1/index.php | mod1/index.php | mod1/index.php |
| software_function | moduleContent | moduleContent | moduleContent | moduleContent | moduleContent |
| vulnerability_cwe | CWE-89 (SQL Injection) | CWE-89 (SQL Injection) | CWE-89 (SQL Injection) | CWE-89 (SQL Injection) | CWE-89 (SQL Injection) |
| vulnerability_risk | 2 | 2 | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N | N | N |
| cvss3_vuldb_ac | L | L | L | L | L |
| cvss3_vuldb_ui | N | N | N | N | N |
| cvss3_vuldb_s | U | U | U | U | U |
| cvss3_vuldb_c | L | L | L | L | L |
| cvss3_vuldb_i | L | L | L | L | L |
| cvss3_vuldb_a | L | L | L | L | L |
| cvss3_vuldb_rl | O | O | O | O | O |
| cvss3_vuldb_rc | C | C | C | C | C |
| advisory_date | 1443564000 (09/30/2015) | 1443564000 (09/30/2015) | 1443564000 (09/30/2015) | 1443564000 (09/30/2015) | 1443564000 (09/30/2015) |
| advisory_identifier | TYPO3-EXT-SA-2015-021 | TYPO3-EXT-SA-2015-021 | TYPO3-EXT-SA-2015-021 | TYPO3-EXT-SA-2015-021 | TYPO3-EXT-SA-2015-021 |
| advisory_url | https://typo3.org/article/typo3-ext-sa-2015-021 | https://typo3.org/article/typo3-ext-sa-2015-021 | https://typo3.org/article/typo3-ext-sa-2015-021 | https://typo3.org/article/typo3-ext-sa-2015-021 | https://typo3.org/article/typo3-ext-sa-2015-021 |
| countermeasure_name | Upgrade | Upgrade | Upgrade | Upgrade | Upgrade |
| countermeasure_date | 1450134000 (12/15/2015) | 1450134000 (12/15/2015) | 1450134000 (12/15/2015) | 1450134000 (12/15/2015) | 1450134000 (12/15/2015) |
| upgrade_version | 1.1.8 | 1.1.8 | 1.1.8 | 1.1.8 | 1.1.8 |
| countermeasure_upgrade_url | https://github.com/mback2k/mh_httpbl/releases/tag/mh_httpbl_1.1.8_security | https://github.com/mback2k/mh_httpbl/releases/tag/mh_httpbl_1.1.8_security | https://github.com/mback2k/mh_httpbl/releases/tag/mh_httpbl_1.1.8_security | https://github.com/mback2k/mh_httpbl/releases/tag/mh_httpbl_1.1.8_security | https://github.com/mback2k/mh_httpbl/releases/tag/mh_httpbl_1.1.8_security |
| patch_name | 429f50f4e4795b20dae06735b41fb94f010722bf | 429f50f4e4795b20dae06735b41fb94f010722bf | 429f50f4e4795b20dae06735b41fb94f010722bf | 429f50f4e4795b20dae06735b41fb94f010722bf | 429f50f4e4795b20dae06735b41fb94f010722bf |
| countermeasure_patch_url | https://github.com/mback2k/mh_httpbl/commit/429f50f4e4795b20dae06735b41fb94f010722bf | https://github.com/mback2k/mh_httpbl/commit/429f50f4e4795b20dae06735b41fb94f010722bf | https://github.com/mback2k/mh_httpbl/commit/429f50f4e4795b20dae06735b41fb94f010722bf | https://github.com/mback2k/mh_httpbl/commit/429f50f4e4795b20dae06735b41fb94f010722bf | https://github.com/mback2k/mh_httpbl/commit/429f50f4e4795b20dae06735b41fb94f010722bf |
| countermeasure_advisoryquote | Handle all user-input which is passed as WHERE or ORDER statement to exec_SELECTquery using fullQuoteStr or explicit value checks. | Handle all user-input which is passed as WHERE or ORDER statement to exec_SELECTquery using fullQuoteStr or explicit value checks. | Handle all user-input which is passed as WHERE or ORDER statement to exec_SELECTquery using fullQuoteStr or explicit value checks. | Handle all user-input which is passed as WHERE or ORDER statement to exec_SELECTquery using fullQuoteStr or explicit value checks. | Handle all user-input which is passed as WHERE or ORDER statement to exec_SELECTquery using fullQuoteStr or explicit value checks. |
| source_cve | CVE-2015-10106 | CVE-2015-10106 | CVE-2015-10106 | CVE-2015-10106 | CVE-2015-10106 |
| cna_responsible | VulDB | VulDB | VulDB | VulDB | VulDB |
| cvss2_vuldb_av | N | N | N | N | N |
| cvss2_vuldb_ac | L | L | L | L | L |
| cvss2_vuldb_ci | P | P | P | P | P |
| cvss2_vuldb_ii | P | P | P | P | P |
| cvss2_vuldb_ai | P | P | P | P | P |
| cvss2_vuldb_rc | C | C | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF | OF | OF |
| cvss2_vuldb_au | S | S | S | S | S |
| cvss2_vuldb_e | ND | ND | ND | ND | ND |
| cvss3_vuldb_pr | L | L | L | L | L |
| cvss3_vuldb_e | X | X | X | X | X |
| cvss2_vuldb_basescore | 6.5 | 6.5 | 6.5 | 6.5 | 6.5 |
| cvss2_vuldb_tempscore | 5.7 | 5.7 | 5.7 | 5.7 | 5.7 |
| cvss3_vuldb_basescore | 6.3 | 6.3 | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 6.0 | 6.0 | 6.0 | 6.0 | 6.0 |
| cvss3_meta_basescore | 6.3 | 6.3 | 6.3 | 6.3 | 7.1 |
| cvss3_meta_tempscore | 6.0 | 6.0 | 6.0 | 6.0 | 7.0 |
| price_0day | $0-$5k | $0-$5k | $0-$5k | $0-$5k | $0-$5k |
| cna_eol | | 1 | 1 | 1 | 1 |
| cve_assigned | | | 1685138400 (05/27/2023) | 1685138400 (05/27/2023) | 1685138400 (05/27/2023) |
| cve_nvd_summary | | | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This vulnerability affects the function moduleContent of the file mod1/index.php. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The name of the patch is 429f50f4e4795b20dae06735b41fb94f010722bf. It is recommended to upgrade the affected component. VDB-230086 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This vulnerability affects the function moduleContent of the file mod1/index.php. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The name of the patch is 429f50f4e4795b20dae06735b41fb94f010722bf. It is recommended to upgrade the affected component. VDB-230086 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This vulnerability affects the function moduleContent of the file mod1/index.php. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The name of the patch is 429f50f4e4795b20dae06735b41fb94f010722bf. It is recommended to upgrade the affected component. VDB-230086 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| cvss3_nvd_av | | | | | N |
| cvss3_nvd_ac | | | | | L |
| cvss3_nvd_pr | | | | | L |
| cvss3_nvd_ui | | | | | N |
| cvss3_nvd_s | | | | | U |
| cvss3_nvd_c | | | | | H |
| cvss3_nvd_i | | | | | H |
| cvss3_nvd_a | | | | | H |
| cvss3_nvd_basescore | | | | | 8.8 |
| cvss3_cna_av | | | | | N |
| cvss3_cna_ac | | | | | L |
| cvss3_cna_pr | | | | | L |
| cvss3_cna_ui | | | | | N |
| cvss3_cna_s | | | | | U |
| cvss3_cna_c | | | | | L |
| cvss3_cna_i | | | | | L |
| cvss3_cna_a | | | | | L |
| cvss3_cna_basescore | | | | | 6.3 |
| cvss2_cna_av | | | | | N |
| cvss2_cna_ac | | | | | L |
| cvss2_cna_au | | | | | S |
| cvss2_cna_ci | | | | | P |
| cvss2_cna_ii | | | | | P |
| cvss2_cna_ai | | | | | P |
| cvss2_cna_basescore | | | | | 6.5 |
| cvss4_vuldb_av | | | | | N |
| cvss4_vuldb_ac | | | | | L |
| cvss4_vuldb_pr | | | | | L |
| cvss4_vuldb_ui | | | | | N |
| cvss4_vuldb_vc | | | | | L |
| cvss4_vuldb_vi | | | | | L |
| cvss4_vuldb_va | | | | | L |
| cvss4_vuldb_e | | | | | X |
| cvss4_vuldb_at | | | | | N |
| cvss4_vuldb_sc | | | | | N |
| cvss4_vuldb_si | | | | | N |
| cvss4_vuldb_sa | | | | | N |
| cvss4_vuldb_bscore | | | | | 5.3 |
| cvss4_vuldb_btscore | | | | | 5.3 |
