Vulnerability Details CVE-2021-4246
A vulnerability was found in roxlukas LMeve and classified as critical. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument X-Forwarded-For leads to sql injection. The attack may be launched remotely. The name of the patch is 29e1ead3bb1c1fad53b77dfc14534496421c5b5d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216176.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.0%
CVSS Severity
CVSS v3 Score 6.3
References
Products affected by CVE-2021-4246
-
cpe:2.3:a:roxlukas:lmeve:0.1.45
-
cpe:2.3:a:roxlukas:lmeve:0.1.46
-
cpe:2.3:a:roxlukas:lmeve:0.1.47
-
cpe:2.3:a:roxlukas:lmeve:0.1.49
-
cpe:2.3:a:roxlukas:lmeve:0.1.50
-
cpe:2.3:a:roxlukas:lmeve:0.1.51
-
cpe:2.3:a:roxlukas:lmeve:0.1.52
-
cpe:2.3:a:roxlukas:lmeve:0.1.53
-
cpe:2.3:a:roxlukas:lmeve:0.1.54
-
cpe:2.3:a:roxlukas:lmeve:0.1.55
-
cpe:2.3:a:roxlukas:lmeve:0.1.56
-
cpe:2.3:a:roxlukas:lmeve:0.1.57
-
cpe:2.3:a:roxlukas:lmeve:0.1.58
-
cpe:2.3:a:roxlukas:lmeve:0.1.59