VDB-218397 · CVE-2015-10054 · GCVE-100-218397

githuis P2Manage PTwoManage/Database.cs Execute sql SQL ଇଞ୍ଜେକ୍ସନ

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu githuis P2Manage keessatti argameera. Kan miidhamte is hojii Execute faayilii PTwoManage/Database.cs keessa. Hojii jijjiirraa irratti gaggeeffame sql gara SQL ଇଞ୍ଜେକ୍ସନ geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-89 geessa. Dadhabbii kana yeroo 01/15/2023 maxxanfameera akka 717380aba80002414f82d93c770035198b7858cc. Odeeffannoon kun buufachuuf github.com irratti qoodameera. Dogoggorri kun akka CVE-2015-10054tti beekama. Konkolaataa naannoo keessa seenuu barbaachisa ta'ee, weerarri kun milkaa'uuf. Faayidaaleen teeknikaa ni jiru. Meeshaa balaa kana fayyadamuuf hin jiru. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ଅପରିଭାଷିତ jedhamee ibsameera. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. Beekamtii paachii kanaa 717380aba80002414f82d93c770035198b7858cc dha. Sirreeffamni rakkoo github.com irratti buufachuuf qophaa’eera. Paachii itti fayyadamuun rakkoo kana furuuf ni gorfama. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

3 ଆଡାପ୍ଟେସନ୍ · 73 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 01/15/2023 06:47 PM	ଅଦ୍ୟତନ 1/2 02/07/2023 07:15 PM	ଅଦ୍ୟତନ 2/2 02/07/2023 07:23 PM
software_vendor	githuis	githuis	githuis
software_name	P2Manage	P2Manage	P2Manage
software_file	PTwoManage/Database.cs	PTwoManage/Database.cs	PTwoManage/Database.cs
software_function	Execute	Execute	Execute
software_argument	sql	sql	sql
vulnerability_cwe	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)
vulnerability_risk	2	2	2
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
advisory_identifier	717380aba80002414f82d93c770035198b7858cc	717380aba80002414f82d93c770035198b7858cc	717380aba80002414f82d93c770035198b7858cc
advisory_url	https://github.com/githuis/P2Manage/commit/717380aba80002414f82d93c770035198b7858cc	https://github.com/githuis/P2Manage/commit/717380aba80002414f82d93c770035198b7858cc	https://github.com/githuis/P2Manage/commit/717380aba80002414f82d93c770035198b7858cc
countermeasure_name	ପ୍ୟାଚ୍	ପ୍ୟାଚ୍	ପ୍ୟାଚ୍
patch_name	717380aba80002414f82d93c770035198b7858cc	717380aba80002414f82d93c770035198b7858cc	717380aba80002414f82d93c770035198b7858cc
countermeasure_patch_url	https://github.com/githuis/P2Manage/commit/717380aba80002414f82d93c770035198b7858cc	https://github.com/githuis/P2Manage/commit/717380aba80002414f82d93c770035198b7858cc	https://github.com/githuis/P2Manage/commit/717380aba80002414f82d93c770035198b7858cc
countermeasure_advisoryquote	Little fix against sql injections	Little fix against sql injections	Little fix against sql injections
source_cve	CVE-2015-10054	CVE-2015-10054	CVE-2015-10054
cna_responsible	VulDB	VulDB	VulDB
advisory_date	1673737200 (01/15/2023)	1673737200 (01/15/2023)	1673737200 (01/15/2023)
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_av	A	A	A
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_av	A	A	A
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	5.2	5.2	5.2
cvss2_vuldb_tempscore	4.5	4.5	4.5
cvss3_vuldb_basescore	5.5	5.5	5.5
cvss3_vuldb_tempscore	5.3	5.3	5.3
cvss3_meta_basescore	5.5	5.5	6.9
cvss3_meta_tempscore	5.3	5.3	6.9
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1673737200 (01/15/2023)	1673737200 (01/15/2023)
cve_nvd_summary		A vulnerability, which was classified as critical, was found in githuis P2Manage. This affects the function Execute of the file PTwoManage/Database.cs. The manipulation of the argument sql leads to sql injection. The name of the patch is 717380aba80002414f82d93c770035198b7858cc. It is recommended to apply a patch to fix this issue. The identifier VDB-218397 was assigned to this vulnerability.	A vulnerability, which was classified as critical, was found in githuis P2Manage. This affects the function Execute of the file PTwoManage/Database.cs. The manipulation of the argument sql leads to sql injection. The name of the patch is 717380aba80002414f82d93c770035198b7858cc. It is recommended to apply a patch to fix this issue. The identifier VDB-218397 was assigned to this vulnerability.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			A
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss3_cna_av			A
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			5.2
cvss3_nvd_basescore			9.8
cvss3_cna_basescore			5.5

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!