evandro-machado Trabalho-Web2 ClienteDAO.java SQL注入

条目历史差异jsonxmlCTI

在evandro-machado Trabalho-Web2中曾发现一漏洞，此漏洞被分类为致命。此漏洞会影响未知部件文件 src/java/br/com/magazine/dao/ClienteDAO.java。手动调试的不合法输入可导致 SQL注入。漏洞的CWE定义是 CWE-89。此漏洞的脆弱性 2023-01-16公示人身份f59ac954625d0a4f6d34f069a2e26686a7a20aeb、所披露。阅读公告的网址是github.com。该漏洞唯一标识为CVE-2015-10061，攻击需要在局域网内发起。有技术细节可用。没有可利用漏洞。当前漏洞利用的价值为美元大约是$0-$5k 。根据MITRE ATT&CK，此问题部署的攻击技术是T1505。它被宣布为未定义。我们估计的零日攻击价值约为$0-$5k。补丁名称为f59ac954625d0a4f6d34f069a2e26686a7a20aeb。错误修复程序下载地址为github.com，建议采用一个补丁来修正此问题。该漏洞被披露后，此前未曾发表过可能的缓解措施。

字段	2023-01-16 15時51分	2023-02-08 02時50分	2023-02-08 02時58分
vendor	evandro-machado	evandro-machado	evandro-machado
name	Trabalho-Web2	Trabalho-Web2	Trabalho-Web2
file	src/java/br/com/magazine/dao/ClienteDAO.java	src/java/br/com/magazine/dao/ClienteDAO.java	src/java/br/com/magazine/dao/ClienteDAO.java
cwe	89 (SQL注入)	89 (SQL注入)	89 (SQL注入)
risk	2	2	2
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
identifier	f59ac954625d0a4f6d34f069a2e26686a7a20aeb	f59ac954625d0a4f6d34f069a2e26686a7a20aeb	f59ac954625d0a4f6d34f069a2e26686a7a20aeb
url	https://github.com/evandro-machado/Trabalho-Web2/commit/f59ac954625d0a4f6d34f069a2e26686a7a20aeb	https://github.com/evandro-machado/Trabalho-Web2/commit/f59ac954625d0a4f6d34f069a2e26686a7a20aeb	https://github.com/evandro-machado/Trabalho-Web2/commit/f59ac954625d0a4f6d34f069a2e26686a7a20aeb
name	补丁	补丁	补丁
patch_name	f59ac954625d0a4f6d34f069a2e26686a7a20aeb	f59ac954625d0a4f6d34f069a2e26686a7a20aeb	f59ac954625d0a4f6d34f069a2e26686a7a20aeb
patch_url	https://github.com/evandro-machado/Trabalho-Web2/commit/f59ac954625d0a4f6d34f069a2e26686a7a20aeb	https://github.com/evandro-machado/Trabalho-Web2/commit/f59ac954625d0a4f6d34f069a2e26686a7a20aeb	https://github.com/evandro-machado/Trabalho-Web2/commit/f59ac954625d0a4f6d34f069a2e26686a7a20aeb
cve	CVE-2015-10061	CVE-2015-10061	CVE-2015-10061
responsible	VulDB	VulDB	VulDB
date	1673823600 (2023-01-16)	1673823600 (2023-01-16)	1673823600 (2023-01-16)
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_av	A	A	A
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_av	A	A	A
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	5.2	5.2	5.2
cvss2_vuldb_tempscore	4.5	4.5	4.5
cvss3_vuldb_basescore	5.5	5.5	5.5
cvss3_vuldb_tempscore	5.3	5.3	5.3
cvss3_meta_basescore	5.5	5.5	6.9
cvss3_meta_tempscore	5.3	5.3	6.9
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1673823600 (2023-01-16)	1673823600 (2023-01-16)
cve_nvd_summary		A vulnerability was found in evandro-machado Trabalho-Web2. It has been classified as critical. This affects an unknown part of the file src/java/br/com/magazine/dao/ClienteDAO.java. The manipulation leads to sql injection. The name of the patch is f59ac954625d0a4f6d34f069a2e26686a7a20aeb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218427.	A vulnerability was found in evandro-machado Trabalho-Web2. It has been classified as critical. This affects an unknown part of the file src/java/br/com/magazine/dao/ClienteDAO.java. The manipulation leads to sql injection. The name of the patch is f59ac954625d0a4f6d34f069a2e26686a7a20aeb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218427.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			A
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss3_cna_av			A
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			5.2
cvss3_nvd_basescore			9.8
cvss3_cna_basescore			5.5

◂ 上一步一览下一步 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!