cvelist | VulDB | CVELIST:CVE-2018-25071
Jan 07, 2023 - 11:28 a.m.

CVE-2018-25071 roxlukas LMeve proxy.php insert_log SQL injection

2023-01-07 11:28:15
CWE-89
VulDB
www.cve.org
3
sql injection
wwwroot
proxy.php
upgrade
c25ff7fe83a2cda1fcb365b182365adc3ffae332
vdb-217610

CVSS2: 5.2
Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3: 5.5
Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score: 9.9
Confidence: High

EPSS: 0.002
Percentile: 51.7%

A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insert_log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to SQL injection. Upgrading to version 0.1.59-beta addresses this issue. The patch is identified as c25ff7fe83a2cda1fcb365b182365adc3ffae332. It is recommended to upgrade the affected component. VDB-217610 is the identifier assigned to this vulnerability.

CNA Affected

[
  {
    "vendor": "roxlukas",
    "product": "LMeve",
    "versions": [
      {
        "version": "0.1.0",
        "status": "affected"
      },
      {
        "version": "0.1.1",
        "status": "affected"
      },
      {
        "version": "0.1.2",
        "status": "affected"
      },
      {
        "version": "0.1.3",
        "status": "affected"
      },
      {
        "version": "0.1.4",
        "status": "affected"
      },
      {
        "version": "0.1.5",
        "status": "affected"
      },
      {
        "version": "0.1.6",
        "status": "affected"
      },
      {
        "version": "0.1.7",
        "status": "affected"
      },
      {
        "version": "0.1.8",
        "status": "affected"
      },
      {
        "version": "0.1.9",
        "status": "affected"
      },
      {
        "version": "0.1.10",
        "status": "affected"
      },
      {
        "version": "0.1.11",
        "status": "affected"
      },
      {
        "version": "0.1.12",
        "status": "affected"
      },
      {
        "version": "0.1.13",
        "status": "affected"
      },
      {
        "version": "0.1.14",
        "status": "affected"
      },
      {
        "version": "0.1.15",
        "status": "affected"
      },
      {
        "version": "0.1.16",
        "status": "affected"
      },
      {
        "version": "0.1.17",
        "status": "affected"
      },
      {
        "version": "0.1.18",
        "status": "affected"
      },
      {
        "version": "0.1.19",
        "status": "affected"
      },
      {
        "version": "0.1.20",
        "status": "affected"
      },
      {
        "version": "0.1.21",
        "status": "affected"
      },
      {
        "version": "0.1.22",
        "status": "affected"
      },
      {
        "version": "0.1.23",
        "status": "affected"
      },
      {
        "version": "0.1.24",
        "status": "affected"
      },
      {
        "version": "0.1.25",
        "status": "affected"
      },
      {
        "version": "0.1.26",
        "status": "affected"
      },
      {
        "version": "0.1.27",
        "status": "affected"
      },
      {
        "version": "0.1.28",
        "status": "affected"
      },
      {
        "version": "0.1.29",
        "status": "affected"
      },
      {
        "version": "0.1.30",
        "status": "affected"
      },
      {
        "version": "0.1.31",
        "status": "affected"
      },
      {
        "version": "0.1.32",
        "status": "affected"
      },
      {
        "version": "0.1.33",
        "status": "affected"
      },
      {
        "version": "0.1.34",
        "status": "affected"
      },
      {
        "version": "0.1.35",
        "status": "affected"
      },
      {
        "version": "0.1.36",
        "status": "affected"
      },
      {
        "version": "0.1.37",
        "status": "affected"
      },
      {
        "version": "0.1.38",
        "status": "affected"
      },
      {
        "version": "0.1.39",
        "status": "affected"
      },
      {
        "version": "0.1.40",
        "status": "affected"
      },
      {
        "version": "0.1.41",
        "status": "affected"
      },
      {
        "version": "0.1.42",
        "status": "affected"
      },
      {
        "version": "0.1.43",
        "status": "affected"
      },
      {
        "version": "0.1.44",
        "status": "affected"
      },
      {
        "version": "0.1.45",
        "status": "affected"
      },
      {
        "version": "0.1.46",
        "status": "affected"
      },
      {
        "version": "0.1.47",
        "status": "affected"
      },
      {
        "version": "0.1.48",
        "status": "affected"
      },
      {
        "version": "0.1.49",
        "status": "affected"
      },
      {
        "version": "0.1.50",
        "status": "affected"
      },
      {
        "version": "0.1.51",
        "status": "affected"
      },
      {
        "version": "0.1.52",
        "status": "affected"
      },
      {
        "version": "0.1.53",
        "status": "affected"
      },
      {
        "version": "0.1.54",
        "status": "affected"
      },
      {
        "version": "0.1.55",
        "status": "affected"
      },
      {
        "version": "0.1.56",
        "status": "affected"
      },
      {
        "version": "0.1.57",
        "status": "affected"
      },
      {
        "version": "0.1.58",
        "status": "affected"
      }
    ]
  }
]
