Domoticz prior to 4.10578 WebServer.cpp GetFloorplanImage idx SQL injection

A vulnerability, which was classified as critical, has been found in Domoticz. Affected by this issue is the function CWebServer::GetFloorplanImage of the file WebServer.cpp. Upgrading to version 4.10578 eliminates this vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. It allows immediate vulnerability response to be initiated and issues to be prioritized.

[Timeline charts: User, Field, Commit Conf, Approve Conf]

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 8849175 | 05/23/2020 | VulD... | url | https://www.exploit-db.com/exploits/46773/ | exploit-db.com | 05/23/2020 | accepted | 100 |
| 8849137 | 05/23/2020 | VulD... | discoverydate | 1553990400 | | 05/23/2020 | accepted | 100 |
| 8849190 | 03/31/2019 | VulD... | cvss3_nvd_basescore | 9.8 | nist.gov | 03/31/2019 | accepted | 90 |
| 8849189 | 03/31/2019 | VulD... | cvss3_vuldb_rc | X | | 03/31/2019 | accepted | 90 |
| 8849188 | 03/31/2019 | VulD... | cvss3_vuldb_rl | O | | 03/31/2019 | accepted | 90 |
| 8849187 | 03/31/2019 | VulD... | cvss3_vuldb_e | X | | 03/31/2019 | accepted | 90 |
| 8849186 | 03/31/2019 | VulD... | cvss2_vuldb_rc | ND | | 03/31/2019 | accepted | 90 |
| 8849185 | 03/31/2019 | VulD... | cvss2_vuldb_rl | OF | | 03/31/2019 | accepted | 90 |
| 8849184 | 03/31/2019 | VulD... | cvss2_vuldb_e | ND | | 03/31/2019 | accepted | 90 |
| 8849183 | 03/31/2019 | VulD... | location | Website | | 03/31/2019 | accepted | 90 |
| 8849182 | 03/31/2019 | VulD... | seealso | 132647 | | 03/31/2019 | accepted | 100 |
| 8849181 | 03/31/2019 | VulD... | cve_nvd_summary | Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp. | mitre.org | 03/31/2019 | accepted | 100 |
| 8849180 | 03/31/2019 | VulD... | cve_assigned | 1553990400 | mitre.org | 03/31/2019 | accepted | 100 |
| 8849179 | 03/31/2019 | VulD... | cve | CVE-2019-10664 | mitre.org | 03/31/2019 | accepted | 100 |
| 8849178 | 03/31/2019 | VulD... | upgrade_version | 4.10578 | | 03/31/2019 | accepted | 100 |
| 8849177 | 03/31/2019 | VulD... | name | Upgrade | | 03/31/2019 | accepted | 100 |
| 8849176 | 03/31/2019 | VulD... | price_0day | $0-$5k | see documentation | 03/31/2019 | accepted | 100 |
| 8849174 | 03/31/2019 | VulD... | date | 1553990400 (03/31/2019) | | 03/31/2019 | accepted | 100 |
| 8849173 | 03/31/2019 | VulD... | cvss3_nvd_a | H | nist.gov | 03/31/2019 | accepted | 100 |
| 8849172 | 03/31/2019 | VulD... | cvss3_nvd_i | H | nist.gov | 03/31/2019 | accepted | 100 |