CVE-2015-10008 : ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM. It

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The identifier of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier VDB-217185 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Published 2023-01-02 11:15:11

Updated 2024-08-06 09:15:29

Source VulDB

View at NVD, CVE.org

Vulnerability category: Sql Injection

Products affected by CVE-2015-10008

Weipdcrm Project » Weipdcrm
Versions before (<) 2015-04-01
cpe:2.3:a:weipdcrm_project:weipdcrm:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-10008

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 13 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-10008

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	VulDB
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
6.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	2.8	3.4	VulDB
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low
6.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	2.8	3.4	VulDB	2024-02-29
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2015-10008

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Assigned by: cna@vuldb.com (Primary)

References for CVE-2015-10008

https://vuldb.com/?ctiid.217185

CVE-2015-10008 | 82Flex WEIPDCRM sql injection
Third Party Advisory
https://vuldb.com/?id.217185

CVE-2015-10008 | 82Flex WEIPDCRM sql injection
Third Party Advisory
https://github.com/82Flex/WEIPDCRM/commit/43bad79392332fa39e31b95268e76fbda9fec3a4

IMPORTANT: Some HotFix and some bugs fixed. 重要：一些紧急修复及错误修复。 · 82Flex/WEIPDCRM@43bad79 · GitHub
Patch;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2015-10008

Products affected by CVE-2015-10008

Exploit prediction scoring system (EPSS) score for CVE-2015-10008

CVSS scores for CVE-2015-10008

CWE ids for CVE-2015-10008

References for CVE-2015-10008