A vulnerability was found in saemorris TheRadSystem and classified as critical. This issue affects the function redirect
of the file _login.php. The manipulation of the argument user/pass leads to sql injection. The CWE definition for the vulnerability is CWE-89. The weakness was presented 01/16/2023 as bfba26bd34af31648a11af35a0bb66f1948752a6. The advisory is shared at github.com.
The identification of this vulnerability is CVE-2015-10063. The attack may be initiated remotely. Technical details are available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment. MITRE ATT&CK project uses the attack technique T1505 for this issue.
It is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k.
The identifier of the patch is bfba26bd34af31648a11af35a0bb66f1948752a6. The bugfix is ready for download at github.com. It is recommended to apply a patch to fix this issue. A possible mitigation has been published even before and not after the disclosure of the vulnerability.