stevejagodzinski DevNewsAggregator RemoteHtmlContentDataAccess.php getByName name sql injection

In stevejagodzinski DevNewsAggregator è stata rilevato un punto critico di livello critico. Riguarda la funzione getByName del file php/data_access/RemoteHtmlContentDataAccess.php. Attraverso l'influenza del parametro name di un input sconosciuto per mezzo di una vulerabilità di classe sql injection. L'advisory è scaricabile da github.com. CVE-2014-125040 è identificato come punto debole. L'attacco può avvenire nelle rete locale. I dettagli tecnici sono conosciuti. È stato dichiarato come non definito. Il bugfix è scaricabile da github.com. Il miglior modo suggerito per attenuare il problema è applicare le correzioni al componente problematico. Una possibile soluzione è stata pubblicata prima e non solo dopo la pubblicazione della vulnerabilità.

Campo05/01/2023 14:0728/01/2023 18:2528/01/2023 18:33
vendorstevejagodzinskistevejagodzinskistevejagodzinski
nameDevNewsAggregatorDevNewsAggregatorDevNewsAggregator
filephp/data_access/RemoteHtmlContentDataAccess.phpphp/data_access/RemoteHtmlContentDataAccess.phpphp/data_access/RemoteHtmlContentDataAccess.php
functiongetByNamegetByNamegetByName
argumentnamenamename
cwe89 (sql injection)89 (sql injection)89 (sql injection)
risk222
cvss3_vuldb_acLLL
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
identifierb9de907e7a8c9ca9d75295da675e58c5bf06b172b9de907e7a8c9ca9d75295da675e58c5bf06b172b9de907e7a8c9ca9d75295da675e58c5bf06b172
urlhttps://github.com/stevejagodzinski/DevNewsAggregator/commit/b9de907e7a8c9ca9d75295da675e58c5bf06b172https://github.com/stevejagodzinski/DevNewsAggregator/commit/b9de907e7a8c9ca9d75295da675e58c5bf06b172https://github.com/stevejagodzinski/DevNewsAggregator/commit/b9de907e7a8c9ca9d75295da675e58c5bf06b172
namePatchPatchPatch
patch_nameb9de907e7a8c9ca9d75295da675e58c5bf06b172b9de907e7a8c9ca9d75295da675e58c5bf06b172b9de907e7a8c9ca9d75295da675e58c5bf06b172
patch_urlhttps://github.com/stevejagodzinski/DevNewsAggregator/commit/b9de907e7a8c9ca9d75295da675e58c5bf06b172https://github.com/stevejagodzinski/DevNewsAggregator/commit/b9de907e7a8c9ca9d75295da675e58c5bf06b172https://github.com/stevejagodzinski/DevNewsAggregator/commit/b9de907e7a8c9ca9d75295da675e58c5bf06b172
advisoryquoteFix SQL injection vulnerabilityFix SQL injection vulnerabilityFix SQL injection vulnerability
cveCVE-2014-125040CVE-2014-125040CVE-2014-125040
responsibleVulDBVulDBVulDB
date1672873200 (05/01/2023)1672873200 (05/01/2023)1672873200 (05/01/2023)
cvss2_vuldb_acLLL
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_avAAA
cvss2_vuldb_auSSS
cvss2_vuldb_eNDNDND
cvss3_vuldb_avAAA
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_eXXX
cvss2_vuldb_basescore5.25.25.2
cvss2_vuldb_tempscore4.54.54.5
cvss3_vuldb_basescore5.55.55.5
cvss3_vuldb_tempscore5.35.35.3
cvss3_meta_basescore5.55.56.9
cvss3_meta_tempscore5.35.36.9
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned1672873200 (05/01/2023)1672873200 (05/01/2023)
cve_nvd_summaryA vulnerability was found in stevejagodzinski DevNewsAggregator. It has been rated as critical. Affected by this issue is the function getByName of the file php/data_access/RemoteHtmlContentDataAccess.php. The manipulation of the argument name leads to sql injection. The name of the patch is b9de907e7a8c9ca9d75295da675e58c5bf06b172. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217484.A vulnerability was found in stevejagodzinski DevNewsAggregator. It has been rated as critical. Affected by this issue is the function getByName of the file php/data_access/RemoteHtmlContentDataAccess.php. The manipulation of the argument name leads to sql injection. The name of the patch is b9de907e7a8c9ca9d75295da675e58c5bf06b172. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217484.
cvss2_nvd_ciP
cvss2_nvd_iiP
cvss2_nvd_aiP
cvss3_cna_avA
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cve_cnaVulDB
cvss2_nvd_basescore5.2
cvss3_nvd_basescore9.8
cvss3_cna_basescore5.5
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss2_nvd_avA
cvss2_nvd_acL
cvss2_nvd_auS

Do you want to use VulDB in your project?

Use the official API to access entries easily!