Lucene search

PRIOn knowledge basePRION:CVE-2015-10091

HistoryMar 06, 2023 - 4:15 a.m.

Sql injection

2023-03-0604:15:00

PRIOn knowledge base

www.prio-n.com

bywater solutions

critical

sql injection

stringsearch function

admin

systempreferences.pl

remote attack

patch

9513b93c828dfbc4413f9e0df63647401aaf4e58

no version details

vdb-222322

7.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.7%

JSON

A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 9513b93c828dfbc4413f9e0df63647401aaf4e58. It is recommended to apply a patch to fix this issue. VDB-222322 is the identifier assigned to this vulnerability.

CPENameOperatorVersion
bywater-koha-xslteq< 2015721

CPE	Name	Operator	Version
	bywater-koha-xslt	eq	< 2015721

References

github.com/bywatersolutions/bywater-koha-xslt/commit/9513b93c828dfbc4413f9e0df63647401aaf4e58

vuldb.com/?ctiid.222322

vuldb.com/?id.222322