CVE-2018-25071

Summary

A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insert_log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to sql injection. Upgrading to version 0.1.59-beta is able to address this issue. The patch is identified as c25ff7fe83a2cda1fcb365b182365adc3ffae332. It is recommended to upgrade the affected component. VDB-217610 is the identifier assigned to this vulnerability.

Affected Software

VendorProductVersion RangeStatus
roxlukasLMeve0.1.0affected
roxlukasLMeve0.1.1affected
roxlukasLMeve0.1.2affected
roxlukasLMeve0.1.3affected
roxlukasLMeve0.1.4affected
roxlukasLMeve0.1.5affected
roxlukasLMeve0.1.6affected
roxlukasLMeve0.1.7affected
roxlukasLMeve0.1.8affected
roxlukasLMeve0.1.9affected
roxlukasLMeve0.1.10affected
roxlukasLMeve0.1.11affected
roxlukasLMeve0.1.12affected
roxlukasLMeve0.1.13affected
roxlukasLMeve0.1.14affected
roxlukasLMeve0.1.15affected
roxlukasLMeve0.1.16affected
roxlukasLMeve0.1.17affected
roxlukasLMeve0.1.18affected
roxlukasLMeve0.1.19affected
roxlukasLMeve0.1.20affected
roxlukasLMeve0.1.21affected
roxlukasLMeve0.1.22affected
roxlukasLMeve0.1.23affected
roxlukasLMeve0.1.24affected
roxlukasLMeve0.1.25affected
roxlukasLMeve0.1.26affected
roxlukasLMeve0.1.27affected
roxlukasLMeve0.1.28affected
roxlukasLMeve0.1.29affected
roxlukasLMeve0.1.30affected
roxlukasLMeve0.1.31affected
roxlukasLMeve0.1.32affected
roxlukasLMeve0.1.33affected
roxlukasLMeve0.1.34affected
roxlukasLMeve0.1.35affected
roxlukasLMeve0.1.36affected
roxlukasLMeve0.1.37affected
roxlukasLMeve0.1.38affected
roxlukasLMeve0.1.39affected
roxlukasLMeve0.1.40affected
roxlukasLMeve0.1.41affected
roxlukasLMeve0.1.42affected
roxlukasLMeve0.1.43affected
roxlukasLMeve0.1.44affected
roxlukasLMeve0.1.45affected
roxlukasLMeve0.1.46affected
roxlukasLMeve0.1.47affected
roxlukasLMeve0.1.48affected
roxlukasLMeve0.1.49affected
roxlukasLMeve0.1.50affected
roxlukasLMeve0.1.51affected
roxlukasLMeve0.1.52affected
roxlukasLMeve0.1.53affected
roxlukasLMeve0.1.54affected
roxlukasLMeve0.1.55affected
roxlukasLMeve0.1.56affected
roxlukasLMeve0.1.57affected
roxlukasLMeve0.1.58affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References