CVE-2015-10063

Опубликовано: 17 янв. 2023

Источник: nvd

CVSS3: 7.3

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A vulnerability was found in saemorris TheRadSystem and classified as critical. This issue affects the function redirect of the file _login.php. The manipulation of the argument user/pass leads to sql injection. The attack may be initiated remotely. The identifier of the patch is bfba26bd34af31648a11af35a0bb66f1948752a6. It is recommended to apply a patch to fix this issue. The identifier VDB-218453 was assigned to this vulnerability.

Ссылки

https://github.com/saemorris/TheRadSystem/commit/bfba26bd34af31648a11af35a0bb66f1948752a6
Patch
Third Party Advisory
https://vuldb.com/?ctiid.218453
Third Party Advisory
https://vuldb.com/?id.218453
Third Party Advisory
https://github.com/saemorris/TheRadSystem/commit/bfba26bd34af31648a11af35a0bb66f1948752a6
Patch
Third Party Advisory
https://vuldb.com/?ctiid.218453
Third Party Advisory
https://vuldb.com/?id.218453
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:theradsystem_project:theradsystem:*:*:*:*:*:*:*:*

Версия до 2015-04-03 (исключая)

EPSS

Процентиль: 19%

0.00059

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-g64c-rxmq-vwm7

CVSS3: 9.8

github

около 3 лет назад

A vulnerability was found in saemorris TheRadSystem and classified as critical. This issue affects the function redirect of the file _login.php. The manipulation of the argument user/pass leads to sql injection. The attack may be initiated remotely. The name of the patch is bfba26bd34af31648a11af35a0bb66f1948752a6. It is recommended to apply a patch to fix this issue. The identifier VDB-218453 was assigned to this vulnerability.

EPSS

Процентиль: 19%

0.00059

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89