CVE-2013-10009
MEDIUMpychao < 2013-11-03 - SQL Injection in klauen/lesen Function
Title source: llmDescription
A vulnerability was found in DrAzraelTod pyChao and classified as critical. Affected by this issue is the function klauen/lesen of the file mod_fun/__init__.py. The manipulation leads to sql injection. The patch is identified as 9d8adbc07c384ba51c2583ce0819c9abb77dc648. It is recommended to apply a patch to fix this issue. VDB-217634 is the identifier assigned to this vulnerability.
References (4)
Core 4
Core References
Permissions Required, Third Party Advisory vdb-entry
technical-description
https://vuldb.com/?id.217634
Permissions Required, Third Party Advisory signature
permissions-required
https://vuldb.com/?ctiid.217634
Patch, Third Party Advisory issue-tracking
https://github.com/DrAzraelTod/pyChao/pull/1
Patch, Third Party Advisory patch
https://github.com/DrAzraelTod/pyChao/commit/9d8adbc07c384ba51c2583ce0819c9abb77dc648
Scores
CVSS v3
5.5
EPSS
0.0067
EPSS Percentile
47.8%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-89
Status
published
Products (1)
pychao_project/pychao
< 2013-11-03
Published
Jan 07, 2023
Tracked Since
Feb 18, 2026