cvelist/2015/10xxx/CVE-2015-10091.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2015-10091",
        "ASSIGNER": "cna@vuldb.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 9513b93c828dfbc4413f9e0df63647401aaf4e58. It is recommended to apply a patch to fix this issue. VDB-222322 is the identifier assigned to this vulnerability."
            },
            {
                "lang": "deu",
                "value": "In ByWater Solutions bywater-koha-xslt wurde eine kritische Schwachstelle gefunden. Betroffen ist die Funktion StringSearch der Datei admin/systempreferences.pl. Dank Manipulation des Arguments name mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden. Der Patch wird als 9513b93c828dfbc4413f9e0df63647401aaf4e58 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-89 SQL Injection",
                        "cweId": "CWE-89"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "ByWater Solutions",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "bywater-koha-xslt",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "n/a"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://vuldb.com/?id.222322",
                "refsource": "MISC",
                "name": "https://vuldb.com/?id.222322"
            },
            {
                "url": "https://vuldb.com/?ctiid.222322",
                "refsource": "MISC",
                "name": "https://vuldb.com/?ctiid.222322"
            },
            {
                "url": "https://github.com/bywatersolutions/bywater-koha-xslt/commit/9513b93c828dfbc4413f9e0df63647401aaf4e58",
                "refsource": "MISC",
                "name": "https://github.com/bywatersolutions/bywater-koha-xslt/commit/9513b93c828dfbc4413f9e0df63647401aaf4e58"
            }
        ]
    },
    "credits": [
        {
            "lang": "en",
            "value": "VulDB GitHub Commit Analyzer"
        }
    ],
    "impact": {
        "cvss": [
            {
                "version": "3.1",
                "baseScore": 4.7,
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "baseSeverity": "MEDIUM"
            },
            {
                "version": "3.0",
                "baseScore": 4.7,
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "baseSeverity": "MEDIUM"
            },
            {
                "version": "2.0",
                "baseScore": 5.8,
                "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
            }
        ]
    }
}
"-Synchronized-Data." 2023-03-04 11:00:38 +00:00			`{`
"-Synchronized-Data." 2023-03-06 04:00:36 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2023-03-04 11:00:38 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2015-10091",`
"-Synchronized-Data." 2023-03-06 04:00:36 +00:00			`"ASSIGNER": "cna@vuldb.com",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2023-03-04 11:00:38 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2023-10-20 10:00:41 +00:00			"value": "A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 9513b93c828dfbc4413f9e0df63647401aaf4e58. It is recommended to apply a patch to fix this issue. VDB-222322 is the identifier assigned to this vulnerability."
"-Synchronized-Data." 2023-03-06 04:00:36 +00:00			`},`
			`{`
			`"lang": "deu",`
			"value": "In ByWater Solutions bywater-koha-xslt wurde eine kritische Schwachstelle gefunden. Betroffen ist die Funktion StringSearch der Datei admin/systempreferences.pl. Dank Manipulation des Arguments name mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden. Der Patch wird als 9513b93c828dfbc4413f9e0df63647401aaf4e58 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-89 SQL Injection",`
			`"cweId": "CWE-89"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "ByWater Solutions",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "bywater-koha-xslt",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "=",`
			`"version_value": "n/a"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://vuldb.com/?id.222322",`
			`"refsource": "MISC",`
			`"name": "https://vuldb.com/?id.222322"`
			`},`
			`{`
			`"url": "https://vuldb.com/?ctiid.222322",`
			`"refsource": "MISC",`
			`"name": "https://vuldb.com/?ctiid.222322"`
			`},`
			`{`
			`"url": "https://github.com/bywatersolutions/bywater-koha-xslt/commit/9513b93c828dfbc4413f9e0df63647401aaf4e58",`
			`"refsource": "MISC",`
			`"name": "https://github.com/bywatersolutions/bywater-koha-xslt/commit/9513b93c828dfbc4413f9e0df63647401aaf4e58"`
			`}`
			`]`
			`},`
			`"credits": [`
			`{`
			`"lang": "en",`
			`"value": "VulDB GitHub Commit Analyzer"`
			`}`
			`],`
			`"impact": {`
			`"cvss": [`
			`{`
			`"version": "3.1",`
			`"baseScore": 4.7,`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",`
			`"baseSeverity": "MEDIUM"`
			`},`
			`{`
			`"version": "3.0",`
			`"baseScore": 4.7,`
			`"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",`
			`"baseSeverity": "MEDIUM"`
			`},`
			`{`
			`"version": "2.0",`
			`"baseScore": 5.8,`
"-Synchronized-Data." 2023-10-20 10:00:41 +00:00			`"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"`
"-Synchronized-Data." 2023-03-04 11:00:38 +00:00			`}`
			`]`
			`}`
			`}`