VDB-218394 · CVE-2015-10053 · GCVE-100-218394

prodigasistemas curupira ଯେପର୍ଯ୍ୟନ୍ତ 0.1.3 passwords_controller.rb SQL ଇଞ୍ଜେକ୍ସନ

Dogoggorri kan akka ଜଟିଳ jedhamuun ramadame prodigasistemas curupira ଯେପର୍ଯ୍ୟନ୍ତ 0.1.3 keessatti argameera. Kan miidhamte is hojii hin beekamne faayilii app/controllers/curupira/passwords_controller.rb keessa. Hojii jijjiirraa gara SQL ଇଞ୍ଜେକ୍ସନ geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-89 geessa. Dadhabbii kana yeroo 01/15/2023 maxxanfameera akka 93a9a77896bb66c949acb8e64bceafc74bc8c271. Odeeffannoon kun buufachuuf github.com irratti qoodameera. Dogoggorri kun akka CVE-2015-10053tti beekama. Konkolaataa naannoo keessa seenuu barbaachisa ta'ee, weerarri kun milkaa'uuf. Faayidaaleen teeknikaa ni jiru. Meeshaa balaa kana fayyadamuuf hin jiru. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ଅପରିଭାଷିତ jedhamee ibsameera. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. Beekamtii paachii kanaa 93a9a77896bb66c949acb8e64bceafc74bc8c271 dha. Sirreeffamni dogoggoraa github.com irraa buufachuuf jira. Qabiyyee miidhamte fooyyessuuf gorsa ni kennama. VulDB is the best source for vulnerability data and more expert information about this specific topic.

3 ଆଡାପ୍ଟେସନ୍ · 74 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 01/15/2023 12:53 PM	ଅଦ୍ୟତନ 1/2 02/07/2023 06:38 PM	ଅଦ୍ୟତନ 2/2 02/07/2023 06:45 PM
software_vendor	prodigasistemas	prodigasistemas	prodigasistemas
software_name	curupira	curupira	curupira
software_version	<=0.1.3	<=0.1.3	<=0.1.3
software_file	app/controllers/curupira/passwords_controller.rb	app/controllers/curupira/passwords_controller.rb	app/controllers/curupira/passwords_controller.rb
vulnerability_cwe	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)
vulnerability_risk	2	2	2
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
advisory_identifier	93a9a77896bb66c949acb8e64bceafc74bc8c271	93a9a77896bb66c949acb8e64bceafc74bc8c271	93a9a77896bb66c949acb8e64bceafc74bc8c271
advisory_url	https://github.com/prodigasistemas/curupira/commit/93a9a77896bb66c949acb8e64bceafc74bc8c271	https://github.com/prodigasistemas/curupira/commit/93a9a77896bb66c949acb8e64bceafc74bc8c271	https://github.com/prodigasistemas/curupira/commit/93a9a77896bb66c949acb8e64bceafc74bc8c271
countermeasure_name	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ
upgrade_version	0.1.4	0.1.4	0.1.4
countermeasure_upgrade_url	https://github.com/prodigasistemas/curupira/releases/tag/v0.1.4	https://github.com/prodigasistemas/curupira/releases/tag/v0.1.4	https://github.com/prodigasistemas/curupira/releases/tag/v0.1.4
patch_name	93a9a77896bb66c949acb8e64bceafc74bc8c271	93a9a77896bb66c949acb8e64bceafc74bc8c271	93a9a77896bb66c949acb8e64bceafc74bc8c271
countermeasure_patch_url	https://github.com/prodigasistemas/curupira/commit/93a9a77896bb66c949acb8e64bceafc74bc8c271	https://github.com/prodigasistemas/curupira/commit/93a9a77896bb66c949acb8e64bceafc74bc8c271	https://github.com/prodigasistemas/curupira/commit/93a9a77896bb66c949acb8e64bceafc74bc8c271
countermeasure_advisoryquote	fixed SQL injection vulnerability	fixed SQL injection vulnerability	fixed SQL injection vulnerability
source_cve	CVE-2015-10053	CVE-2015-10053	CVE-2015-10053
cna_responsible	VulDB	VulDB	VulDB
advisory_date	1673737200 (01/15/2023)	1673737200 (01/15/2023)	1673737200 (01/15/2023)
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_av	A	A	A
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_av	A	A	A
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	5.2	5.2	5.2
cvss2_vuldb_tempscore	4.5	4.5	4.5
cvss3_vuldb_basescore	5.5	5.5	5.5
cvss3_vuldb_tempscore	5.3	5.3	5.3
cvss3_meta_basescore	5.5	5.5	6.9
cvss3_meta_tempscore	5.3	5.3	6.9
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1673737200 (01/15/2023)	1673737200 (01/15/2023)
cve_nvd_summary		A vulnerability classified as critical has been found in prodigasistemas curupira up to 0.1.3. Affected is an unknown function of the file app/controllers/curupira/passwords_controller.rb. The manipulation leads to sql injection. Upgrading to version 0.1.4 is able to address this issue. The name of the patch is 93a9a77896bb66c949acb8e64bceafc74bc8c271. It is recommended to upgrade the affected component. VDB-218394 is the identifier assigned to this vulnerability.	A vulnerability classified as critical has been found in prodigasistemas curupira up to 0.1.3. Affected is an unknown function of the file app/controllers/curupira/passwords_controller.rb. The manipulation leads to sql injection. Upgrading to version 0.1.4 is able to address this issue. The name of the patch is 93a9a77896bb66c949acb8e64bceafc74bc8c271. It is recommended to upgrade the affected component. VDB-218394 is the identifier assigned to this vulnerability.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			A
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss3_cna_av			A
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			5.2
cvss3_nvd_basescore			9.8
cvss3_cna_basescore			5.5

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!