MNBikeways database Data/views.py id1/id2 sql injection

A vulnerability was found in MNBikeways database and classified as critical. This issue affects some unknown processing of the file Data/views.py. The manipulation of the argument id1/id2 leads to sql injection. The CWE definition for the vulnerability is CWE-89. The weakness was disclosed 01/16/2023 as 829a027aca7c17f5a7ec1addca8dd5d5542f86ac. The advisory is shared at github.com. The identification of this vulnerability is CVE-2015-10060. The attack needs to be done within the local network. Technical details are available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment. MITRE ATT&CK project uses the attack technique T1505 for this issue. It is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k. The identifier of the patch is 829a027aca7c17f5a7ec1addca8dd5d5542f86ac. The bugfix is ready for download at github.com. It is recommended to apply a patch to fix this issue. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Field01/16/2023 13:4302/08/2023 01:1302/08/2023 01:21
vendorMNBikewaysMNBikewaysMNBikeways
namedatabasedatabasedatabase
fileData/views.pyData/views.pyData/views.py
argumentid1/id2id1/id2id1/id2
cwe89 (sql injection)89 (sql injection)89 (sql injection)
risk222
cvss3_vuldb_acLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
identifier829a027aca7c17f5a7ec1addca8dd5d5542f86ac829a027aca7c17f5a7ec1addca8dd5d5542f86ac829a027aca7c17f5a7ec1addca8dd5d5542f86ac
urlhttps://github.com/MNBikeways/database/commit/829a027aca7c17f5a7ec1addca8dd5d5542f86achttps://github.com/MNBikeways/database/commit/829a027aca7c17f5a7ec1addca8dd5d5542f86achttps://github.com/MNBikeways/database/commit/829a027aca7c17f5a7ec1addca8dd5d5542f86ac
namePatchPatchPatch
patch_name829a027aca7c17f5a7ec1addca8dd5d5542f86ac829a027aca7c17f5a7ec1addca8dd5d5542f86ac829a027aca7c17f5a7ec1addca8dd5d5542f86ac
patch_urlhttps://github.com/MNBikeways/database/commit/829a027aca7c17f5a7ec1addca8dd5d5542f86achttps://github.com/MNBikeways/database/commit/829a027aca7c17f5a7ec1addca8dd5d5542f86achttps://github.com/MNBikeways/database/commit/829a027aca7c17f5a7ec1addca8dd5d5542f86ac
advisoryquoteGet rid of SQL injection possibility on /router http urlGet rid of SQL injection possibility on /router http urlGet rid of SQL injection possibility on /router http url
cveCVE-2015-10060CVE-2015-10060CVE-2015-10060
responsibleVulDBVulDBVulDB
date1673823600 (01/16/2023)1673823600 (01/16/2023)1673823600 (01/16/2023)
cvss2_vuldb_acLLL
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_avAAA
cvss2_vuldb_auSSS
cvss2_vuldb_eNDNDND
cvss3_vuldb_avAAA
cvss3_vuldb_prLLL
cvss3_vuldb_eXXX
cvss2_vuldb_basescore5.25.25.2
cvss2_vuldb_tempscore4.54.54.5
cvss3_vuldb_basescore5.55.55.5
cvss3_vuldb_tempscore5.35.35.3
cvss3_meta_basescore5.55.56.9
cvss3_meta_tempscore5.35.36.9
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned1673823600 (01/16/2023)1673823600 (01/16/2023)
cve_nvd_summaryA vulnerability was found in MNBikeways database and classified as critical. This issue affects some unknown processing of the file Data/views.py. The manipulation of the argument id1/id2 leads to sql injection. The name of the patch is 829a027aca7c17f5a7ec1addca8dd5d5542f86ac. It is recommended to apply a patch to fix this issue. The identifier VDB-218417 was assigned to this vulnerability.A vulnerability was found in MNBikeways database and classified as critical. This issue affects some unknown processing of the file Data/views.py. The manipulation of the argument id1/id2 leads to sql injection. The name of the patch is 829a027aca7c17f5a7ec1addca8dd5d5542f86ac. It is recommended to apply a patch to fix this issue. The identifier VDB-218417 was assigned to this vulnerability.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss2_nvd_avA
cvss2_nvd_acL
cvss2_nvd_auS
cvss2_nvd_ciP
cvss2_nvd_iiP
cvss2_nvd_aiP
cvss3_cna_avA
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cve_cnaVulDB
cvss2_nvd_basescore5.2
cvss3_nvd_basescore9.8
cvss3_cna_basescore5.5

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!