PT-2023-10107 · Unknown · License To Kill
Published
2023-01-02
·
Updated
2024-05-17
·
CVE-2014-125037
CVSS v2.0
5.2
Medium
| Vector | AV:A/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
License to Kill (affected versions not specified)
Description
A critical issue was found in License to Kill, affecting an unknown part of the file models/injury.rb. The manipulation of the
name argument leads to sql injection.Recommendations
It is recommended to apply a patch to fix this issue. The patch is named cd11cf174f361c98e9b1b4c281aa7b77f46b5078. As a temporary workaround, consider restricting the manipulation of the
name argument to minimize the risk of exploitation.Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
License To Kill