CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-15301

A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm'online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.4%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://medium.com/%40sorokinpf/bpmonline-sql-injection-607916447e30
https://medium.com/%40sorokinpf/bpmonline-sql-injection-607916447e30

Products affected by CVE-2019-15301

Terrasoft » Bpm Online Crm System Sdk » Version: 7.13

cpe:2.3:a:terrasoft:bpm_online_crm_system_sdk:7.13

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-15301

Products

Pricing

Contact Us