CVE-2015-10042 MEDIUM

CVE-2015-10042: Dovgalyuk AIBattle procedures.php registerUser sql injection

Vendor Dovgalyuk
Product AIBattle
Weakness CWE-89 · SQLi
Published January 13, 2023
Last update November 25, 2024

CVSS base score

5.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in Dovgalyuk AIBattle. Affected by this vulnerability is the function registerUser of the file site/procedures.php. The manipulation of the argument postLogin leads to sql injection. The identifier of the patch is 448e9880aac18ae7832f8d065e03e46ce0f1d3e3. It is recommended to apply a patch to fix this issue. The identifier VDB-218305 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Key dates

02Disclosure timeline

January 13, 2023 CVE published
November 25, 2024 Record updated

Related vulnerabilities

04Related CVE