Search criteria

2 vulnerabilities by lmeve_project

CVE-2018-25071 (GCVE-0-2018-25071)

Vulnerability from cvelistv5 – Published: 2023-01-07 11:28 – Updated: 2024-08-05 12:33
VLAI?
Summary
A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insert_log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to sql injection. Upgrading to version 0.1.59-beta is able to address this issue. The patch is identified as c25ff7fe83a2cda1fcb365b182365adc3ffae332. It is recommended to upgrade the affected component. VDB-217610 is the identifier assigned to this vulnerability.
Severity ?
5.5 (Medium)
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.5 (Medium)
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE
Assigner
References
Impacted products
Vendor Product Version
roxlukas LMeve Affected: 0.1.0
Affected: 0.1.1
Affected: 0.1.2
Affected: 0.1.3
Affected: 0.1.4
Affected: 0.1.5
Affected: 0.1.6
Affected: 0.1.7
Affected: 0.1.8
Affected: 0.1.9
Affected: 0.1.10
Affected: 0.1.11
Affected: 0.1.12
Affected: 0.1.13
Affected: 0.1.14
Affected: 0.1.15
Affected: 0.1.16
Affected: 0.1.17
Affected: 0.1.18
Affected: 0.1.19
Affected: 0.1.20
Affected: 0.1.21
Affected: 0.1.22
Affected: 0.1.23
Affected: 0.1.24
Affected: 0.1.25
Affected: 0.1.26
Affected: 0.1.27
Affected: 0.1.28
Affected: 0.1.29
Affected: 0.1.30
Affected: 0.1.31
Affected: 0.1.32
Affected: 0.1.33
Affected: 0.1.34
Affected: 0.1.35
Affected: 0.1.36
Affected: 0.1.37
Affected: 0.1.38
Affected: 0.1.39
Affected: 0.1.40
Affected: 0.1.41
Affected: 0.1.42
Affected: 0.1.43
Affected: 0.1.44
Affected: 0.1.45
Affected: 0.1.46
Affected: 0.1.47
Affected: 0.1.48
Affected: 0.1.49
Affected: 0.1.50
Affected: 0.1.51
Affected: 0.1.52
Affected: 0.1.53
Affected: 0.1.54
Affected: 0.1.55
Affected: 0.1.56
Affected: 0.1.57
Affected: 0.1.58
Create a notification for this product.
Credits
VulDB GitHub Commit Analyzer
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:33:47.765Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.217610"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.217610"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/roxlukas/lmeve/commit/c25ff7fe83a2cda1fcb365b182365adc3ffae332"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/roxlukas/lmeve/releases/tag/0.1.59-beta"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LMeve",
          "vendor": "roxlukas",
          "versions": [
            {
              "status": "affected",
              "version": "0.1.0"
            },
            {
              "status": "affected",
              "version": "0.1.1"
            },
            {
              "status": "affected",
              "version": "0.1.2"
            },
            {
              "status": "affected",
              "version": "0.1.3"
            },
            {
              "status": "affected",
              "version": "0.1.4"
            },
            {
              "status": "affected",
              "version": "0.1.5"
            },
            {
              "status": "affected",
              "version": "0.1.6"
            },
            {
              "status": "affected",
              "version": "0.1.7"
            },
            {
              "status": "affected",
              "version": "0.1.8"
            },
            {
              "status": "affected",
              "version": "0.1.9"
            },
            {
              "status": "affected",
              "version": "0.1.10"
            },
            {
              "status": "affected",
              "version": "0.1.11"
            },
            {
              "status": "affected",
              "version": "0.1.12"
            },
            {
              "status": "affected",
              "version": "0.1.13"
            },
            {
              "status": "affected",
              "version": "0.1.14"
            },
            {
              "status": "affected",
              "version": "0.1.15"
            },
            {
              "status": "affected",
              "version": "0.1.16"
            },
            {
              "status": "affected",
              "version": "0.1.17"
            },
            {
              "status": "affected",
              "version": "0.1.18"
            },
            {
              "status": "affected",
              "version": "0.1.19"
            },
            {
              "status": "affected",
              "version": "0.1.20"
            },
            {
              "status": "affected",
              "version": "0.1.21"
            },
            {
              "status": "affected",
              "version": "0.1.22"
            },
            {
              "status": "affected",
              "version": "0.1.23"
            },
            {
              "status": "affected",
              "version": "0.1.24"
            },
            {
              "status": "affected",
              "version": "0.1.25"
            },
            {
              "status": "affected",
              "version": "0.1.26"
            },
            {
              "status": "affected",
              "version": "0.1.27"
            },
            {
              "status": "affected",
              "version": "0.1.28"
            },
            {
              "status": "affected",
              "version": "0.1.29"
            },
            {
              "status": "affected",
              "version": "0.1.30"
            },
            {
              "status": "affected",
              "version": "0.1.31"
            },
            {
              "status": "affected",
              "version": "0.1.32"
            },
            {
              "status": "affected",
              "version": "0.1.33"
            },
            {
              "status": "affected",
              "version": "0.1.34"
            },
            {
              "status": "affected",
              "version": "0.1.35"
            },
            {
              "status": "affected",
              "version": "0.1.36"
            },
            {
              "status": "affected",
              "version": "0.1.37"
            },
            {
              "status": "affected",
              "version": "0.1.38"
            },
            {
              "status": "affected",
              "version": "0.1.39"
            },
            {
              "status": "affected",
              "version": "0.1.40"
            },
            {
              "status": "affected",
              "version": "0.1.41"
            },
            {
              "status": "affected",
              "version": "0.1.42"
            },
            {
              "status": "affected",
              "version": "0.1.43"
            },
            {
              "status": "affected",
              "version": "0.1.44"
            },
            {
              "status": "affected",
              "version": "0.1.45"
            },
            {
              "status": "affected",
              "version": "0.1.46"
            },
            {
              "status": "affected",
              "version": "0.1.47"
            },
            {
              "status": "affected",
              "version": "0.1.48"
            },
            {
              "status": "affected",
              "version": "0.1.49"
            },
            {
              "status": "affected",
              "version": "0.1.50"
            },
            {
              "status": "affected",
              "version": "0.1.51"
            },
            {
              "status": "affected",
              "version": "0.1.52"
            },
            {
              "status": "affected",
              "version": "0.1.53"
            },
            {
              "status": "affected",
              "version": "0.1.54"
            },
            {
              "status": "affected",
              "version": "0.1.55"
            },
            {
              "status": "affected",
              "version": "0.1.56"
            },
            {
              "status": "affected",
              "version": "0.1.57"
            },
            {
              "status": "affected",
              "version": "0.1.58"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "tool",
          "value": "VulDB GitHub Commit Analyzer"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insert_log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to sql injection. Upgrading to version 0.1.59-beta is able to address this issue. The patch is identified as c25ff7fe83a2cda1fcb365b182365adc3ffae332. It is recommended to upgrade the affected component. VDB-217610 is the identifier assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "Eine kritische Schwachstelle wurde in roxlukas LMeve bis 0.1.58 ausgemacht. Davon betroffen ist die Funktion insert_log der Datei wwwroot/ccpwgl/proxy.php. Durch Manipulieren des Arguments fetch mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.1.59-beta vermag dieses Problem zu l\u00f6sen. Der Patch wird als c25ff7fe83a2cda1fcb365b182365adc3ffae332 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.2,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-20T12:25:05.864Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.217610"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.217610"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/roxlukas/lmeve/commit/c25ff7fe83a2cda1fcb365b182365adc3ffae332"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/roxlukas/lmeve/releases/tag/0.1.59-beta"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-01-07T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-01-07T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-01-07T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-01-29T19:47:57.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "roxlukas LMeve proxy.php insert_log sql injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2018-25071",
    "datePublished": "2023-01-07T11:28:15.497Z",
    "dateReserved": "2023-01-07T11:27:50.644Z",
    "dateUpdated": "2024-08-05T12:33:47.765Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-4246 (GCVE-0-2021-4246)

Vulnerability from cvelistv5 – Published: 2022-12-17 00:00 – Updated: 2025-04-15 13:01
VLAI?
Summary
A vulnerability was found in roxlukas LMeve and classified as critical. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument X-Forwarded-For leads to sql injection. The attack may be launched remotely. The name of the patch is 29e1ead3bb1c1fad53b77dfc14534496421c5b5d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216176.
Severity ?
6.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE
  • CWE-707 - Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection
Assigner
References
Impacted products
Vendor Product Version
roxlukas LMeve Affected: n/a
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:23:10.332Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/roxlukas/lmeve/commit/29e1ead3bb1c1fad53b77dfc14534496421c5b5d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.216176"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-4246",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T17:03:06.596994Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T13:01:49.361Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LMeve",
          "vendor": "roxlukas",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in roxlukas LMeve and classified as critical. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument X-Forwarded-For leads to sql injection. The attack may be launched remotely. The name of the patch is 29e1ead3bb1c1fad53b77dfc14534496421c5b5d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216176."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-707",
              "description": "CWE-707 Improper Neutralization -\u003e CWE-74 Injection -\u003e CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-17T00:00:00.000Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "url": "https://github.com/roxlukas/lmeve/commit/29e1ead3bb1c1fad53b77dfc14534496421c5b5d"
        },
        {
          "url": "https://vuldb.com/?id.216176"
        }
      ],
      "title": "roxlukas LMeve Login Page sql injection",
      "x_generator": "vuldb.com"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2021-4246",
    "datePublished": "2022-12-17T00:00:00.000Z",
    "dateReserved": "2022-12-17T00:00:00.000Z",
    "dateUpdated": "2025-04-15T13:01:49.361Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}