saemorris TheRadSystem _login.php redirect user/pass sql injection

A vulnerability was found in saemorris TheRadSystem and classified as critical. This issue affects the function redirect of the file _login.php. Manipulation of the argument user/pass leads to SQL injection. The CWE definition for the vulnerability is CWE-89. The weakness was presented on 01/16/2023 as commit bfba26bd34af31648a11af35a0bb66f1948752a6. The advisory is shared at github.com. The identification of this vulnerability is CVE-2015-10063. The attack may be initiated remotely. Technical details are available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment. The MITRE ATT&CK project uses the attack technique T1505 for this issue. The exploit maturity is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k. The identifier of the patch is bfba26bd34af31648a11af35a0bb66f1948752a6. The bugfix is ready for download at github.com. It is recommended to apply the patch to fix this issue. A possible mitigation was published before, not after, the disclosure of the vulnerability.

| Field | 01/16/2023 19:52 | 02/09/2023 08:39 | 02/09/2023 08:43 |
|---|---|---|---|
| vendor | saemorris | saemorris | saemorris |
| name | TheRadSystem | TheRadSystem | TheRadSystem |
| file | _login.php | _login.php | _login.php |
| function | redirect | redirect | redirect |
| argument | user/pass | user/pass | user/pass |
| cwe | 89 (sql injection) | 89 (sql injection) | 89 (sql injection) |
| risk | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| identifier | bfba26bd34af31648a11af35a0bb66f1948752a6 | bfba26bd34af31648a11af35a0bb66f1948752a6 | bfba26bd34af31648a11af35a0bb66f1948752a6 |
| url | https://github.com/saemorris/TheRadSystem/commit/bfba26bd34af31648a11af35a0bb66f1948752a6 | https://github.com/saemorris/TheRadSystem/commit/bfba26bd34af31648a11af35a0bb66f1948752a6 | https://github.com/saemorris/TheRadSystem/commit/bfba26bd34af31648a11af35a0bb66f1948752a6 |
| name | Patch | Patch | Patch |
| patch_name | bfba26bd34af31648a11af35a0bb66f1948752a6 | bfba26bd34af31648a11af35a0bb66f1948752a6 | bfba26bd34af31648a11af35a0bb66f1948752a6 |
| patch_url | https://github.com/saemorris/TheRadSystem/commit/bfba26bd34af31648a11af35a0bb66f1948752a6 | https://github.com/saemorris/TheRadSystem/commit/bfba26bd34af31648a11af35a0bb66f1948752a6 | https://github.com/saemorris/TheRadSystem/commit/bfba26bd34af31648a11af35a0bb66f1948752a6 |
| advisoryquote | Fixed some bugs and SQL injection. | Fixed some bugs and SQL injection. | Fixed some bugs and SQL injection. |
| cve | CVE-2015-10063 | CVE-2015-10063 | CVE-2015-10063 |
| responsible | VulDB | VulDB | VulDB |
| date | 1673823600 (01/16/2023) | 1673823600 (01/16/2023) | 1673823600 (01/16/2023) |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_vuldb_rc | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_e | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 7.5 | 7.5 | 7.5 |
| cvss2_vuldb_tempscore | 6.5 | 6.5 | 6.5 |
| cvss3_vuldb_basescore | 7.3 | 7.3 | 7.3 |
| cvss3_vuldb_tempscore | 7.0 | 7.0 | 7.0 |
| cvss3_meta_basescore | 7.3 | 7.3 | 8.1 |
| cvss3_meta_tempscore | 7.0 | 7.0 | 8.0 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve_assigned | | 1673823600 (01/16/2023) | 1673823600 (01/16/2023) |
| cve_nvd_summary | | A vulnerability was found in saemorris TheRadSystem and classified as critical. This issue affects the function redirect of the file _login.php. The manipulation of the argument user/pass leads to sql injection. The attack may be initiated remotely. The name of the patch is bfba26bd34af31648a11af35a0bb66f1948752a6. It is recommended to apply a patch to fix this issue. The identifier VDB-218453 was assigned to this vulnerability. | A vulnerability was found in saemorris TheRadSystem and classified as critical. This issue affects the function redirect of the file _login.php. The manipulation of the argument user/pass leads to sql injection. The attack may be initiated remotely. The name of the patch is bfba26bd34af31648a11af35a0bb66f1948752a6. It is recommended to apply a patch to fix this issue. The identifier VDB-218453 was assigned to this vulnerability. |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | H |
| cvss3_nvd_a | | | H |
| cvss2_nvd_av | | | N |
| cvss2_nvd_ac | | | L |
| cvss2_nvd_au | | | N |
| cvss2_nvd_ci | | | P |
| cvss2_nvd_ii | | | P |
| cvss2_nvd_ai | | | P |
| cvss3_cna_av | | | N |
| cvss3_cna_ac | | | L |
| cvss3_cna_pr | | | N |
| cvss3_cna_ui | | | N |
| cvss3_cna_s | | | U |
| cvss3_cna_c | | | L |
| cvss3_cna_i | | | L |
| cvss3_cna_a | | | L |
| cve_cna | | | VulDB |
| cvss2_nvd_basescore | | | 7.5 |
| cvss3_nvd_basescore | | | 9.8 |
| cvss3_cna_basescore | | | 7.3 |