2071174A vinylmap recordstoreapp/views.py contact sql injection

WpisHistoryjsonxmlCTI

Podatność została odkryta w 2071174A vinylmap. Dotknięta jest funkcja contact w pliku recordstoreapp/views.py. Dzięki manipulacji przy użyciu nieznanych danych wejściowych można doprowadzić do wystąpienia podatności sql injection. Raport na temat podatności został udostępniony pod adresem github.com. Podatność ta została oznaczona identyfikatorem CVE-2015-10056. Atak musi być przeprowadzony z poziomu sieci lokalnej. Techniczne szczegóły są znane. Uważa się go za nie określono. Poprawka jet dostępna pod adresem github.com. Sugeruje się, że najlepszym zabezpieczeniem jest załatanie podatnego komponentu. Potencjalne zabezpieczenie zostało opublikowane jeszcze przed po ujawnieniu podatności.

Pole	2023-01-15 18:53	2023-02-07 20:01	2023-02-07 20:08
vendor	2071174A	2071174A	2071174A
name	vinylmap	vinylmap	vinylmap
file	recordstoreapp/views.py	recordstoreapp/views.py	recordstoreapp/views.py
function	contact	contact	contact
cwe	89 (sql injection)	89 (sql injection)	89 (sql injection)
risk	2	2	2
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
identifier	b07b79a1e92cc62574ba0492cce000ef4a7bd25f	b07b79a1e92cc62574ba0492cce000ef4a7bd25f	b07b79a1e92cc62574ba0492cce000ef4a7bd25f
url	https://github.com/2071174A/vinylmap/commit/b07b79a1e92cc62574ba0492cce000ef4a7bd25f	https://github.com/2071174A/vinylmap/commit/b07b79a1e92cc62574ba0492cce000ef4a7bd25f	https://github.com/2071174A/vinylmap/commit/b07b79a1e92cc62574ba0492cce000ef4a7bd25f
name	Poprawka	Poprawka	Poprawka
patch_name	b07b79a1e92cc62574ba0492cce000ef4a7bd25f	b07b79a1e92cc62574ba0492cce000ef4a7bd25f	b07b79a1e92cc62574ba0492cce000ef4a7bd25f
patch_url	https://github.com/2071174A/vinylmap/commit/b07b79a1e92cc62574ba0492cce000ef4a7bd25f	https://github.com/2071174A/vinylmap/commit/b07b79a1e92cc62574ba0492cce000ef4a7bd25f	https://github.com/2071174A/vinylmap/commit/b07b79a1e92cc62574ba0492cce000ef4a7bd25f
advisoryquote	shame on you tony	shame on you tony	shame on you tony
cve	CVE-2015-10056	CVE-2015-10056	CVE-2015-10056
responsible	VulDB	VulDB	VulDB
date	1673737200 (2023-01-15)	1673737200 (2023-01-15)	1673737200 (2023-01-15)
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_av	A	A	A
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_av	A	A	A
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	5.2	5.2	5.2
cvss2_vuldb_tempscore	4.5	4.5	4.5
cvss3_vuldb_basescore	5.5	5.5	5.5
cvss3_vuldb_tempscore	5.3	5.3	5.3
cvss3_meta_basescore	5.5	5.5	6.9
cvss3_meta_tempscore	5.3	5.3	6.9
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1673737200 (2023-01-15)	1673737200 (2023-01-15)
cve_nvd_summary		A vulnerability was found in 2071174A vinylmap. It has been classified as critical. Affected is the function contact of the file recordstoreapp/views.py. The manipulation leads to sql injection. The name of the patch is b07b79a1e92cc62574ba0492cce000ef4a7bd25f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218400.	A vulnerability was found in 2071174A vinylmap. It has been classified as critical. Affected is the function contact of the file recordstoreapp/views.py. The manipulation leads to sql injection. The name of the patch is b07b79a1e92cc62574ba0492cce000ef4a7bd25f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218400.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			A
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss3_cna_av			A
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			5.2
cvss3_nvd_basescore			9.8
cvss3_cna_basescore			5.5

◂ Poprzedni Przegląd Kolejny ▸

Do you need the next level of professionalism?

Upgrade your account now!