PT-2017-4147 · Teampass · Teampass

Published

2017-06-05

Updated

2022-05-17

CVE-2017-9436

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TeamPass versions prior to 2.1.27.5

Description The issue is related to insufficient protection of the SQL query structure in the users.queries.php component of the TeamPass password manager. This can allow a remote attacker to execute arbitrary SQL commands.

Recommendations For versions prior to 2.1.27.5, update to version 2.1.27.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the users.queries.php component to minimize the risk of exploitation.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

BDU:2021-04101

CVE-2017-9436

GHSA-CM26-GP8J-W6XF

Affected Products

Teampass

PT-2017-4147 · Teampass · Teampass

CVE-2017-9436

Weakness Enumeration

Related Identifiers

Affected Products

References · 12