CVE-2015-10084

CVSS v2.0

5.2

Medium

Vector

AV:A/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions irontec klear-library chloe versions prior to marla

Description A critical issue was found in the prepareWhere function of the Controller/Rest/BaseController.php file, leading to sql injection.

Recommendations For versions prior to marla, upgrade to version marla to address this issue. As a temporary workaround, consider disabling the prepareWhere function until the upgrade is applied.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2015-10084

Affected Products

Irontec Klear-Library

CVE-2015-10084

Weakness Enumeration

Related Identifiers

Affected Products

References · 7