Summaryinfo

A vulnerability was found in j-nowak workout-organizer and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2015-10034. There is no exploit available. It is recommended to apply a patch to fix this issue. Once again VulDB remains the best source for vulnerability data.

Detailsinfo

A vulnerability has been found in j-nowak workout-organizer (version unknown) and classified as critical. This vulnerability affects an unknown function. The manipulation with an unknown input leads to a sql injection vulnerability. The CWE definition for the vulnerability is CWE-89. The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was shared 01/09/2023 as 13cd6c3d1210640bfdb39872b2bb3597aa991279. The advisory is available at github.com. This vulnerability was named CVE-2015-10034. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1505 by the MITRE ATT&CK project.

Applying the patch 13cd6c3d1210640bfdb39872b2bb3597aa991279 is able to eliminate this problem. The bugfix is ready for download at github.com. The advisory contains the following remark:

Fixed building queries - preventing SQL-injection

Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• j-nowak

Name

• workout-organizer

License

• open-source

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion