CVE-2013-10009

MEDIUM

pychao < 2013-11-03 - SQL Injection in klauen/lesen Function

Title source: llm
STIX 2.1

Description

A vulnerability was found in DrAzraelTod pyChao and classified as critical. Affected by this issue is the function klauen/lesen of the file mod_fun/__init__.py. The manipulation leads to sql injection. The patch is identified as 9d8adbc07c384ba51c2583ce0819c9abb77dc648. It is recommended to apply a patch to fix this issue. VDB-217634 is the identifier assigned to this vulnerability.

References (4)

Core 4
Core References
Permissions Required, Third Party Advisory vdb-entry technical-description
https://vuldb.com/?id.217634
Permissions Required, Third Party Advisory signature permissions-required
https://vuldb.com/?ctiid.217634
Patch, Third Party Advisory issue-tracking
https://github.com/DrAzraelTod/pyChao/pull/1

Scores

CVSS v3 5.5
EPSS 0.0067
EPSS Percentile 47.8%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-89
Status published
Products (1)
pychao_project/pychao < 2013-11-03
Published Jan 07, 2023
Tracked Since Feb 18, 2026