CVE-2015-10034

MEDIUM

j-nowak workout-organizer - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-10034. PoCs published by andrenasx.

AI-analyzed exploit summary This repository contains a vulnerable Java application demonstrating CVE-2015-10034, likely involving insecure direct object references or authentication bypass in the workout-organizer application. The code includes controllers and database interactions typical of a Play Framework application.

Description

A vulnerability has been found in j-nowak workout-organizer and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. The patch is identified as 13cd6c3d1210640bfdb39872b2bb3597aa991279. It is recommended to apply a patch to fix this issue. VDB-217714 is the identifier assigned to this vulnerability.

Exploits (1)

nomisec WORKING POC
by andrenasx · poc
https://github.com/andrenasx/CVE-2015-10034

This repository contains a vulnerable Java application demonstrating CVE-2015-10034, likely involving insecure direct object references or authentication bypass in the workout-organizer application. The code includes controllers and database interactions typical of a Play Framework application.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: workout-organizer (version unspecified)
Auth required
Prerequisites: Access to the vulnerable application · Valid user session in some cases
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory vdb-entry technical-description
https://vuldb.com/?id.217714
Third Party Advisory signature permissions-required
https://vuldb.com/?ctiid.217714

Scores

CVSS v3 5.5
EPSS 0.0086
EPSS Percentile 54.0%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-89
Status published
Products (1)
workout-organizer_project/workout-organizer < 2015-02-03
Published Jan 09, 2023
Tracked Since Feb 18, 2026