CVE-2017-9436

Опубликовано: 05 июн. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.

Ссылки

https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md
Issue Tracking
Patch
Third Party Advisory
https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:teampass:teampass:2.1.20.0:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.22.0:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.23.1:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.23.2:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.23.3:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.23.4:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.24.0:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.24.1:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.24.2:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.24.3:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.24.4:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.25.0:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.25.1:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.25.2:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.26:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.26.0:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.26.1:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.26.2:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.26.3:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.26.4:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.26.5:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.26.6:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.26.7:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.26.8:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.26.9:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.26.10:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.26.11:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.26.12:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.26.13:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.26.14:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.26.15:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.26.16:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.26.17:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.26.18:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.26.19:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.27.0:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.27.1:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.27.2:*:*:*:*:*:*:*

cpe:2.3:a:teampass:teampass:2.1.27.3:*:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00233

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

CVE-2017-9436

CVSS3: 9.8

debian

больше 8 лет назад

TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.que ...

GHSA-cm26-gp8j-w6xf

CVSS3: 9.8

github

больше 3 лет назад

TeamPass SQL injection in users.queries.php

BDU:2021-04101

CVSS3: 9.8

fstec

больше 8 лет назад

Уязвимость компонента users.queries.php менеджера паролей TeamPass, позволяющая нарушителю выполнить произвольные SQL-команды.

EPSS

Процентиль: 46%

0.00233

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89