Lucene search

VulDBCVELIST:CVE-2015-10046

HistoryJan 15, 2023 - 9:21 a.m.

CVE-2015-10046 lolfeedback sql injection

2023-01-1509:21:00

CWE-89

VulDB

www.cve.org

lolfeedback

sql injection

critical

patch

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

5.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

9.9

Confidence

High

EPSS

0.002

Percentile

54.9%

JSON

A vulnerability has been found in lolfeedback and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The identifier of the patch is 6cf0b5f2228cd8765f734badd37910051000f2b2. It is recommended to apply a patch to fix this issue. The identifier VDB-218353 was assigned to this vulnerability.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "lolfeedback",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

References

github.com/philipblaquiere/lolfeedback/commit/6cf0b5f2228cd8765f734badd37910051000f2b2

vuldb.com/?ctiid.218353

vuldb.com/?id.218353

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

5.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

9.9

Confidence

High

EPSS

0.002

Percentile

54.9%

JSON

Related for CVELIST:CVE-2015-10046