fanzila WebFinance 0.5 save_Contract_Signer_Role.php n/v SQL注入

fanzila WebFinance 0.5 中已发现分类为致命的漏洞。 此漏洞会影响未知代码文件htdocs/admin/save_Contract_Signer_Role.php。 手动调试的软件参数:n/v不合法输入可导致 SQL注入。 使用CWE来声明会导致 CWE-89 的问题。 此漏洞的脆弱性 2023-02-02公示人身份abad81af614a9ceef3f29ab22ca6bae517619e06、所分享。 索取公告的网址是github.com。 该漏洞被命名为CVE-2013-10015, 攻击需要进入局域网。 有技术细节可用。 没有可利用漏洞。 目前漏洞的结构决定了可能的价格范围为美元价USD $0-$5k。 该漏洞由MITRE ATT&CK项目分配为T1505。 它被宣布为未定义。 估计零日攻击的地下价格约为$0-$5k。 补丁名称为abad81af614a9ceef3f29ab22ca6bae517619e06。 错误修复程序下载地址为github.com, 建议采用一个补丁来修正此问题。 该漏洞被披露后,远在此前发表过可能的缓解措施。

字段2023-02-02 20時51分2023-03-04 08時39分2023-03-04 08時44分
vendorfanzilafanzilafanzila
nameWebFinanceWebFinanceWebFinance
version0.50.50.5
filehtdocs/admin/save_Contract_Signer_Role.phphtdocs/admin/save_Contract_Signer_Role.phphtdocs/admin/save_Contract_Signer_Role.php
argumentn/vn/vn/v
cwe89 (SQL注入)89 (SQL注入)89 (SQL注入)
risk222
cvss3_vuldb_acLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
identifierabad81af614a9ceef3f29ab22ca6bae517619e06abad81af614a9ceef3f29ab22ca6bae517619e06abad81af614a9ceef3f29ab22ca6bae517619e06
urlhttps://github.com/fanzila/WebFinance/commit/abad81af614a9ceef3f29ab22ca6bae517619e06https://github.com/fanzila/WebFinance/commit/abad81af614a9ceef3f29ab22ca6bae517619e06https://github.com/fanzila/WebFinance/commit/abad81af614a9ceef3f29ab22ca6bae517619e06
name补丁补丁补丁
patch_nameabad81af614a9ceef3f29ab22ca6bae517619e06abad81af614a9ceef3f29ab22ca6bae517619e06abad81af614a9ceef3f29ab22ca6bae517619e06
patch_urlhttps://github.com/fanzila/WebFinance/commit/abad81af614a9ceef3f29ab22ca6bae517619e06https://github.com/fanzila/WebFinance/commit/abad81af614a9ceef3f29ab22ca6bae517619e06https://github.com/fanzila/WebFinance/commit/abad81af614a9ceef3f29ab22ca6bae517619e06
advisoryquotehtdocs/admin/save_Contract_Signer_Role.php: fixed SQL injectionhtdocs/admin/save_Contract_Signer_Role.php: fixed SQL injectionhtdocs/admin/save_Contract_Signer_Role.php: fixed SQL injection
cveCVE-2013-10015CVE-2013-10015CVE-2013-10015
responsibleVulDBVulDBVulDB
date1675292400 (2023-02-02)1675292400 (2023-02-02)1675292400 (2023-02-02)
typeFinancial SoftwareFinancial SoftwareFinancial Software
cvss2_vuldb_acLLL
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_avAAA
cvss2_vuldb_auSSS
cvss2_vuldb_eNDNDND
cvss3_vuldb_avAAA
cvss3_vuldb_prLLL
cvss3_vuldb_eXXX
cvss2_vuldb_basescore5.25.25.2
cvss2_vuldb_tempscore4.54.54.5
cvss3_vuldb_basescore5.55.55.5
cvss3_vuldb_tempscore5.35.35.3
cvss3_meta_basescore5.55.56.9
cvss3_meta_tempscore5.35.36.9
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned1675292400 (2023-02-02)1675292400 (2023-02-02)
cve_nvd_summaryA vulnerability has been found in fanzila WebFinance 0.5 and classified as critical. This vulnerability affects unknown code of the file htdocs/admin/save_Contract_Signer_Role.php. The manipulation of the argument n/v leads to sql injection. The name of the patch is abad81af614a9ceef3f29ab22ca6bae517619e06. It is recommended to apply a patch to fix this issue. VDB-220054 is the identifier assigned to this vulnerability.A vulnerability has been found in fanzila WebFinance 0.5 and classified as critical. This vulnerability affects unknown code of the file htdocs/admin/save_Contract_Signer_Role.php. The manipulation of the argument n/v leads to sql injection. The name of the patch is abad81af614a9ceef3f29ab22ca6bae517619e06. It is recommended to apply a patch to fix this issue. VDB-220054 is the identifier assigned to this vulnerability.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss2_nvd_avA
cvss2_nvd_acL
cvss2_nvd_auS
cvss2_nvd_ciP
cvss2_nvd_iiP
cvss2_nvd_aiP
cvss3_cna_avA
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cve_cnaVulDB
cvss2_nvd_basescore5.2
cvss3_nvd_basescore9.8
cvss3_cna_basescore5.5

上一步一览下一步

Might our Artificial Intelligence support you?

Check our Alexa App!