PT-2023-10812 · Roxlukas · Lmeve
Roxlukas
·
Published
2023-01-07
·
Updated
2025-12-22
·
CVE-2018-25071
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
roxlukas LMeve versions up to 0.1.58
Description
A critical issue affects the function
insert log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to SQL injection.Recommendations
For versions up to 0.1.58, upgrade to version 0.1.59-beta to address this issue. As a temporary workaround, consider restricting access to the
insert log function in the proxy.php file until the upgrade is applied.Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lmeve