CVE-2014-125083

Опубликовано: 19 янв. 2023

Источник: nvd

CVSS3: 5.5

CVSS3: 9.8

CVSS2: 5.2

EPSS Низкий

Описание

A vulnerability has been found in Anant Labs google-enterprise-connector-dctm up to 3.2.3 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/domain leads to sql injection. The patch is named 6fba04f18ab7764002a1da308e7cd9712b501cb7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218911.

Ссылки

https://github.com/AnantLabs/google-enterprise-connector-dctm/commit/6fba04f18ab7764002a1da308e7cd9712b501cb7
Patch
https://vuldb.com/?ctiid.218911
Permissions Required
Third Party Advisory
https://vuldb.com/?id.218911
Third Party Advisory
https://github.com/AnantLabs/google-enterprise-connector-dctm/commit/6fba04f18ab7764002a1da308e7cd9712b501cb7
Patch
https://vuldb.com/?ctiid.218911
Permissions Required
Third Party Advisory
https://vuldb.com/?id.218911
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:anant:google-enterprise-connector-dctm:*:*:*:*:*:*:*:*

Версия до 3.2.3 (включая)

EPSS

Процентиль: 52%

0.00291

Низкий

5.5 Medium

CVSS3

9.8 Critical

CVSS3

5.2 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-x3r9-wm4v-jw9x

CVSS3: 9.8

github

около 3 лет назад

A vulnerability has been found in Anant Labs google-enterprise-connector-dctm up to 3.2.3 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/domain leads to sql injection. The name of the patch is 6fba04f18ab7764002a1da308e7cd9712b501cb7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218911.

EPSS

Процентиль: 52%

0.00291

Низкий

5.5 Medium

CVSS3

9.8 Critical

CVSS3

5.2 Medium

CVSS2

Дефекты

CWE-89