mapoor voteapp app.py create_poll/do_poll/show_poll/show_refresh SQL injection
A vulnerability was found in mapoor voteapp. It has been rated as critical. Affected by this issue are the functions create_poll/do_poll/show_poll/show_refresh of the file app.py. The manipulation leads to SQL injection. The weakness is classified as CWE-89. It was published 01/10/2023 as b290c21a0d8bcdbd55db860afd3cadec97388e72. The advisory is available at github.com.
This vulnerability is tracked as CVE-2014-125073. Access to the local network is required for this attack to succeed. Technical details are available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1505 by the MITRE ATT&CK project.
It is declared as not defined. As a 0-day, the estimated underground price was around $0-$5k.
The patch is identified as b290c21a0d8bcdbd55db860afd3cadec97388e72. The bugfix is ready for download at github.com. It is recommended to apply the patch to fix this issue. A possible mitigation was published before, and not just after, the disclosure of the vulnerability.