Anant Labs google-enterprise-connector-dctm up to 3.2.3 username/domain sql injection
A vulnerability has been found in Anant Labs google-enterprise-connector-dctm up to 3.2.3 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/domain leads to sql injection. The CWE definition for the vulnerability is CWE-89. The weakness was released 01/18/2023 as 6fba04f18ab7764002a1da308e7cd9712b501cb7. It is possible to read the advisory at github.com. This vulnerability is known as CVE-2014-125083. The attack needs to be approached within the local network. Technical details are available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. The attack technique deployed by this issue is T1505 according to MITRE ATT&CK. It is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k. The patch is named 6fba04f18ab7764002a1da308e7cd9712b501cb7. The bugfix is ready for download at github.com. It is recommended to apply a patch to fix this issue. A possible mitigation has been published even before and not after the disclosure of the vulnerability.