CVE-2019-25100

CVSS V2 None CVSS V3 None
Description
A vulnerability was found in happyman twmap. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file twmap3/data/ajaxCRUD/pointdata2.php. The manipulation of the argument id leads to sql injection. Upgrading to version v2.9_v4.31 is able to address this issue. The name of the patch is babbec79b3fa4efb3bd581ea68af0528d11bba0c. It is recommended to upgrade the affected component. The identifier VDB-217645 was assigned to this vulnerability.
Overview
  • CVE ID
  • CVE-2019-25100
  • Assigner
  • cna@vuldb.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-08T11:15:10
  • Last Modified Date
  • 2023-01-12T16:26:03
Weakness Enumerations
CWE URL
CWE-89 http://cwe.mitre.org/data/definitions/89.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:twmap_project:twmap:*:*:*:*:*:*:*:* 1 OR 2.91_4.31
References
Reference URL Reference Tags
https://github.com/happyman/twmap/commit/babbec79b3fa4efb3bd581ea68af0528d11bba0c
https://github.com/happyman/twmap/issues/42
https://github.com/happyman/twmap/releases/tag/v2.9_v4.31
https://vuldb.com/?ctiid.217645
https://vuldb.com/?id.217645
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2019-25100
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25100
History
Created Old Value New Value Data Type Notes
2023-01-08 11:22:14 Added to TrackCVE
2023-01-08 11:22:14 Weakness Enumeration new
2023-01-08 21:18:57 2023-01-08T20:44:05 CVE Modified Date updated
2023-01-08 21:18:57 Received Awaiting Analysis Vulnerability Status updated
2023-01-08 21:19:00 CVSS V3 information new
2023-01-08 21:19:00 CVSS V2 information new
2023-01-12 05:16:27 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-12 05:16:30 CVSS V3 information new
2023-01-12 05:16:30 CVSS V2 information new
2023-01-12 17:14:50 2023-01-12T16:26:03 CVE Modified Date updated
2023-01-12 17:14:50 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-12 17:14:53 CPE Information updated
2023-01-12 17:14:53 CVSS V3 information new
2023-01-12 17:14:53 CVSS V2 information new