A vulnerability was found in LearnMeSomeCodes project3 and classified as critical. This issue affects the function search_first_name of the file search.rb. The manipulation leads to SQL injection. The CWE definition for the vulnerability is CWE-89. The weakness was disclosed on 01/07/2023 as d3efa17ae9f6b2fc25a6bbcf165cefed17c7035e. It is possible to read the advisory at github.com.
The identification of this vulnerability is CVE-2014-125058. Access to the local network is required for this attack. Technical details are available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. The attack technique deployed by this issue is T1505 according to MITRE ATT&CK.
It is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k. The maintainer is aware of this issue, as remarked in the source code.
The patch is named d3efa17ae9f6b2fc25a6bbcf165cefed17c7035e. The bugfix is ready for download at github.com. It is recommended to apply the patch to fix this issue. A possible mitigation was published before, and not just after, the disclosure of the vulnerability.