CVE-2018-25071
5.5
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insert_log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to sql injection. Upgrading to version 0.1.59-beta is able to address this issue. The patch is identified as c25ff7fe83a2cda1fcb365b182365adc3ffae332. It is recommended to upgrade the affected component. VDB-217610 is the identifier assigned to this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| roxlukas | LMeve | 0.1.0 | affected |
| roxlukas | LMeve | 0.1.1 | affected |
| roxlukas | LMeve | 0.1.2 | affected |
| roxlukas | LMeve | 0.1.3 | affected |
| roxlukas | LMeve | 0.1.4 | affected |
| roxlukas | LMeve | 0.1.5 | affected |
| roxlukas | LMeve | 0.1.6 | affected |
| roxlukas | LMeve | 0.1.7 | affected |
| roxlukas | LMeve | 0.1.8 | affected |
| roxlukas | LMeve | 0.1.9 | affected |
| roxlukas | LMeve | 0.1.10 | affected |
| roxlukas | LMeve | 0.1.11 | affected |
| roxlukas | LMeve | 0.1.12 | affected |
| roxlukas | LMeve | 0.1.13 | affected |
| roxlukas | LMeve | 0.1.14 | affected |
| roxlukas | LMeve | 0.1.15 | affected |
| roxlukas | LMeve | 0.1.16 | affected |
| roxlukas | LMeve | 0.1.17 | affected |
| roxlukas | LMeve | 0.1.18 | affected |
| roxlukas | LMeve | 0.1.19 | affected |
| roxlukas | LMeve | 0.1.20 | affected |
| roxlukas | LMeve | 0.1.21 | affected |
| roxlukas | LMeve | 0.1.22 | affected |
| roxlukas | LMeve | 0.1.23 | affected |
| roxlukas | LMeve | 0.1.24 | affected |
| roxlukas | LMeve | 0.1.25 | affected |
| roxlukas | LMeve | 0.1.26 | affected |
| roxlukas | LMeve | 0.1.27 | affected |
| roxlukas | LMeve | 0.1.28 | affected |
| roxlukas | LMeve | 0.1.29 | affected |
| roxlukas | LMeve | 0.1.30 | affected |
| roxlukas | LMeve | 0.1.31 | affected |
| roxlukas | LMeve | 0.1.32 | affected |
| roxlukas | LMeve | 0.1.33 | affected |
| roxlukas | LMeve | 0.1.34 | affected |
| roxlukas | LMeve | 0.1.35 | affected |
| roxlukas | LMeve | 0.1.36 | affected |
| roxlukas | LMeve | 0.1.37 | affected |
| roxlukas | LMeve | 0.1.38 | affected |
| roxlukas | LMeve | 0.1.39 | affected |
| roxlukas | LMeve | 0.1.40 | affected |
| roxlukas | LMeve | 0.1.41 | affected |
| roxlukas | LMeve | 0.1.42 | affected |
| roxlukas | LMeve | 0.1.43 | affected |
| roxlukas | LMeve | 0.1.44 | affected |
| roxlukas | LMeve | 0.1.45 | affected |
| roxlukas | LMeve | 0.1.46 | affected |
| roxlukas | LMeve | 0.1.47 | affected |
| roxlukas | LMeve | 0.1.48 | affected |
| roxlukas | LMeve | 0.1.49 | affected |
| roxlukas | LMeve | 0.1.50 | affected |
| roxlukas | LMeve | 0.1.51 | affected |
| roxlukas | LMeve | 0.1.52 | affected |
| roxlukas | LMeve | 0.1.53 | affected |
| roxlukas | LMeve | 0.1.54 | affected |
| roxlukas | LMeve | 0.1.55 | affected |
| roxlukas | LMeve | 0.1.56 | affected |
| roxlukas | LMeve | 0.1.57 | affected |
| roxlukas | LMeve | 0.1.58 | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
ADP Enrichment
CVE Program Container
Additional References
- https://vuldb.com/?id.217610
- https://vuldb.com/?ctiid.217610
- https://github.com/roxlukas/lmeve/commit/c25ff7fe83a2cda1fcb365b182365adc3ffae332
- https://github.com/roxlukas/lmeve/releases/tag/0.1.59-beta
References
- https://vuldb.com/?id.217610
- https://vuldb.com/?ctiid.217610
- https://github.com/roxlukas/lmeve/commit/c25ff7fe83a2cda1fcb365b182365adc3ffae332
- https://github.com/roxlukas/lmeve/releases/tag/0.1.59-beta
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.