PT-2023-10108 · Unknown · Is Projecto2
Published
2023-01-02
·
Updated
2024-05-17
·
CVE-2014-125038
CVSS v2.0
5.2
Medium
| Vector | AV:A/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
IS Projecto2 (affected versions not specified)
Description
A critical vulnerability has been found in IS Projecto2, affecting unknown code in the NewsBean.java file. The manipulation of the
date argument leads to SQL injection.Recommendations
Apply the patch aa128b2c9c9fdcbbf5ecd82c1e92103573017fe0 to fix this issue. As a temporary workaround, consider restricting the manipulation of the
date argument to minimize the risk of SQL injection exploitation.Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Is Projecto2