Vulnerability Details CVE-2018-25071
A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insert_log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to sql injection. Upgrading to version 0.1.59-beta is able to address this issue. The patch is identified as c25ff7fe83a2cda1fcb365b182365adc3ffae332. It is recommended to upgrade the affected component. VDB-217610 is the identifier assigned to this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 57.3%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 5.2
References
- https://github.com/roxlukas/lmeve/commit/c25ff7fe83a2cda1fcb365b182365adc3ffae332
- https://github.com/roxlukas/lmeve/releases/tag/0.1.59-beta
- https://vuldb.com/?ctiid.217610
- https://vuldb.com/?id.217610
- https://github.com/roxlukas/lmeve/commit/c25ff7fe83a2cda1fcb365b182365adc3ffae332
- https://github.com/roxlukas/lmeve/releases/tag/0.1.59-beta
- https://vuldb.com/?ctiid.217610
- https://vuldb.com/?id.217610
Products affected by CVE-2018-25071
-
cpe:2.3:a:roxlukas:lmeve:0.1.45
-
cpe:2.3:a:roxlukas:lmeve:0.1.46
-
cpe:2.3:a:roxlukas:lmeve:0.1.47
-
cpe:2.3:a:roxlukas:lmeve:0.1.49
-
cpe:2.3:a:roxlukas:lmeve:0.1.50
-
cpe:2.3:a:roxlukas:lmeve:0.1.51
-
cpe:2.3:a:roxlukas:lmeve:0.1.52
-
cpe:2.3:a:roxlukas:lmeve:0.1.53
-
cpe:2.3:a:roxlukas:lmeve:0.1.54
-
cpe:2.3:a:roxlukas:lmeve:0.1.55
-
cpe:2.3:a:roxlukas:lmeve:0.1.56
-
cpe:2.3:a:roxlukas:lmeve:0.1.57
-
cpe:2.3:a:roxlukas:lmeve:0.1.58