CVE-2013-10014

EPSS 0.05%
Published 19.01.2023 10:15:10
Last modified 21.11.2024 01:48:40
Source cna@vuldb.com
Teams watchlist Login
Open Login

A vulnerability classified as critical has been found in oktora24 2moons. Affected is an unknown function. The manipulation leads to sql injection. The patch is identified as 1b09cf7672eb85b5b0c8a4de321f7a4ad87b09a7. It is recommended to apply a patch to fix this issue. VDB-218898 is the identifier assigned to this vulnerability.

Affected products Warnungen 0 Metrics 4 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

2moons Project ≫ 2moons Version < 2013-01-18

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.104

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	5.5	2.1	3.4	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	5.2	5.1	6.4	AV:A/AC:L/Au:S/C:P/I:P/A:P

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

https://github.com/oktora24/2moons/commit/1b09cf7672eb85b5b0c8a4de321f7a4ad87b09a7

Patch

Third Party Advisory

https://vuldb.com/?ctiid.218898

Third Party Advisory

Permissions Required

https://vuldb.com/?id.218898

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-10014

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-10014

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-10014

EUVD