CVE-2016-15031

CVSS V2 None CVSS V3 None

Description

A vulnerability was found in PHP-Login 1.0. It has been declared as critical. This vulnerability affects the function checkLogin of the file login/scripts/class.loginscript.php of the component POST Parameter Handler. The manipulation of the argument myusername leads to sql injection. The attack can be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 0083ec652786ddbb81335ea20da590df40035679. It is recommended to upgrade the affected component. VDB-228022 is the identifier assigned to this vulnerability.

Overview

CVE ID
CVE-2016-15031

Assigner
cna@vuldb.com

Vulnerability Status
Received

Published Version
2023-05-06T01:15:08

Last Modified Date
2023-05-06T01:15:08

Weakness Enumerations

CWE	URL
CWE-89	http://cwe.mitre.org/data/definitions/89.html

References

Reference URL	Reference Tags
https://github.com/ipoelnet/php-login/commit/0083ec652786ddbb81335ea20da590df40035679
https://github.com/ipoelnet/php-login/releases/tag/v2.0
https://vuldb.com/?ctiid.228022
https://vuldb.com/?id.228022

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2016-15031
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-15031

History

Created	Old Value	New Value	Data Type	Notes
2023-05-06 02:00:41				Added to TrackCVE
2023-05-06 02:00:42			Weakness Enumeration	new