Domoticz prior 4.10578 WebServer.cpp GetFloorplanImage idx sql injection


A vulnerability classified as critical has been found in Domoticz. It affects the function CWebServer::GetFloorplanImage in the file WebServer.cpp, where the idx parameter allows SQL injection (CWE-89, CVE-2019-10664). Upgrading to version 4.10578 eliminates this vulnerability.

| Field | 03/31/2019 08:15 PM | 05/23/2020 10:29 AM |
| --- | --- | --- |
| cvss2_nvd_ii | P | P |
| cvss2_nvd_ai | P | P |
| cvss3_meta_basescore | 8.5 | 8.5 |
| cvss3_meta_tempscore | 8.2 | 8.2 |
| cvss3_vuldb_basescore | 7.3 | 7.3 |
| cvss3_vuldb_tempscore | 7.0 | 7.0 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_nvd_av | N | N |
| cvss3_nvd_ac | L | L |
| cvss3_nvd_pr | N | N |
| cvss3_nvd_ui | N | N |
| cvss3_nvd_s | U | U |
| cvss3_nvd_c | H | H |
| cvss3_nvd_i | H | H |
| cvss3_nvd_a | H | H |
| date | 1553990400 (03/31/2019) | 1553990400 (03/31/2019) |
| price_0day | $0-$5k | $0-$5k |
| name | Upgrade | Upgrade |
| upgrade_version | 4.10578 | 4.10578 |
| cve | CVE-2019-10664 | CVE-2019-10664 |
| cve_assigned | 1553990400 | 1553990400 |
| cve_nvd_summary | Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp. | Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp. |
| seealso | 132647 | 132647 |
| location | Website | Website |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | X | X |
| cvss3_nvd_basescore | 9.8 | 9.8 |
| name | Domoticz | Domoticz |
| file | WebServer.cpp | WebServer.cpp |
| function | CWebServer::GetFloorplanImage | CWebServer::GetFloorplanImage |
| argument | idx | idx |
| input_type | Parameter | Parameter |
| cwe | 89 (sql injection) | 89 (sql injection) |
| risk | 2 | 2 |
| cvss2_vuldb_basescore | 7.5 | 7.5 |
| cvss2_vuldb_tempscore | 6.5 | 6.5 |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_nvd_av | N | N |
| cvss2_nvd_ac | L | L |
| cvss2_nvd_au | N | N |
| cvss2_nvd_ci | P | P |

url: https://www.exploit-db.com/exploits/46773/
discoverydate: 1553990400