CVE-2015-10053 MEDIUM

CVE-2015-10053: prodigasistemas curupira passwords_controller.rb sql injection

Vendor Prodigasistemas
Product curupira
Weakness CWE-89 · SQLi
Published January 16, 2023
Last update August 6, 2024
View on NVD All CVEs

CVSS base score

5.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability classified as critical has been found in prodigasistemas curupira up to 0.1.3. Affected is an unknown function of the file app/controllers/curupira/passwords_controller.rb. The manipulation leads to sql injection. Upgrading to version 0.1.4 is able to address this issue. The patch is identified as 93a9a77896bb66c949acb8e64bceafc74bc8c271. It is recommended to upgrade the affected component. VDB-218394 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

January 16, 2023 CVE published
August 6, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-15195 code-projects Assessment Management add-module.php sql injection CVE-2015-10099 CP Appointment Calendar Plugin dex_appointments.php dex_process_ready_to_go_appointment sql injection CVE-2024-10338 SourceCodeHero Clothes Recommendation System home.php sql injection CVE-2024-7548 LearnPress – WordPress LMS Plugin <= 4.2.6.9.3 - Authenticated (Contributor+) SQL Injection via order Parameter CVE-2026-4608 ProfileGrid <= 5.9.8.4 - Authenticated (Subscriber+) SQL Injection via 'rid' Parameter