CVE-2015-10054

A vulnerability, which was classified as critical, was found in githuis P2Manage. This affects the function Execute of the file PTwoManage/Database.cs. The manipulation of the argument sql leads to sql injection. The name of the patch is 717380aba80002414f82d93c770035198b7858cc. It is recommended to apply a patch to fix this issue. The identifier VDB-218397 was assigned to this vulnerability.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/githuis/P2Manage/commit/717380aba80002414f82d93c770035198b7858cc	Patch Third Party Advisory
https://vuldb.com/?ctiid.218397	Permissions Required Third Party Advisory
https://vuldb.com/?id.218397	Permissions Required Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:p2manage_project:p2manage:*:*:*:*:*:*:*:*

Information

Published : 2023-01-16 10:15

Updated : 2023-01-24 11:32

NVD link : CVE-2015-10054

Mitre link : CVE-2015-10054

JSON object : View

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Products Affected

p2manage_project

p2manage

9.8 /10