Lucene search

VulDBCVELIST:CVE-2018-25057

HistoryDec 28, 2022 - 8:30 p.m.

CVE-2018-25057 simple_php_link_shortener index.php sql injection

2022-12-2820:30:56

CWE-89

VulDB

www.cve.org

cve-2018-25057

sql injection

patch b26ac6480761635ed94ccb0222ba6b732de6e53f

vdb-216996

critical vulnerability

unknown function

CVSS3

5.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

Confidence

High

EPSS

0.002

Percentile

54.8%

JSON

A vulnerability was found in simple_php_link_shortener. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument $link[“id”] leads to sql injection. The name of the patch is b26ac6480761635ed94ccb0222ba6b732de6e53f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216996.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "simple_php_link_shortener",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

References

github.com/mikebharris/simple_php_link_shortener/commit/b26ac6480761635ed94ccb0222ba6b732de6e53f

vuldb.com/?ctiid.216996

vuldb.com/?id.216996