CVE-2018-25071

CVSS V2 None CVSS V3 None
Description
A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insert_log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to sql injection. Upgrading to version 0.1.59-beta is able to address this issue. The name of the patch is c25ff7fe83a2cda1fcb365b182365adc3ffae332. It is recommended to upgrade the affected component. VDB-217610 is the identifier assigned to this vulnerability.
Overview
  • CVE ID
  • CVE-2018-25071
  • Assigner
  • cna@vuldb.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-07T12:15:08
  • Last Modified Date
  • 2023-01-12T17:31:20
Weakness Enumerations
CWE URL
CWE-89 http://cwe.mitre.org/data/definitions/89.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:lmeve_project:lmeve:*:*:*:*:*:*:*:* 1 OR 0.1.58
References
Reference URL Reference Tags
https://github.com/roxlukas/lmeve/commit/c25ff7fe83a2cda1fcb365b182365adc3ffae332
https://github.com/roxlukas/lmeve/releases/tag/0.1.59-beta
https://vuldb.com/?ctiid.217610
https://vuldb.com/?id.217610
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2018-25071
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25071
History
Created Old Value New Value Data Type Notes
2023-01-07 12:22:47 Added to TrackCVE
2023-01-07 12:22:48 Weakness Enumeration new
2023-01-08 05:21:10 2023-01-08T05:11:13 CVE Modified Date updated
2023-01-08 05:21:10 Received Awaiting Analysis Vulnerability Status updated
2023-01-08 05:21:14 CVSS V3 information new
2023-01-08 05:21:14 CVSS V2 information new
2023-01-12 05:16:15 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-12 05:16:19 CVSS V3 information new
2023-01-12 05:16:19 CVSS V2 information new
2023-01-12 18:17:13 2023-01-12T17:31:20 CVE Modified Date updated
2023-01-12 18:17:14 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-12 18:17:15 CPE Information updated
2023-01-12 18:17:15 CVSS V3 information new
2023-01-12 18:17:15 CVSS V2 information new