CVE-2015-10076 MEDIUM

CVE-2015-10076: dimtion Shaarlier Tag TagsSource.java createTag sql injection

Vendor Dimtion

Product Shaarlier

Weakness CWE-89 · SQLi

Published February 9, 2023

Last update November 25, 2024

View on NVD All CVEs

CVSS base score

5.5/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

Description

A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has been declared as critical. Affected by this vulnerability is the function createTag of the file app/src/main/java/com/dimtion/shaarlier/TagsSource.java of the component Tag Handler. The manipulation leads to sql injection. Upgrading to version 1.2.3 is able to address this issue. The identifier of the patch is 3d1d9b239d9b3cd87e8bed45a0f02da583ad371e. It is recommended to upgrade the affected component. The identifier VDB-220453 was assigned to this vulnerability.

Key dates

Disclosure timeline

February 9, 2023 CVE published

November 25, 2024 Record updated

Identifiers

CVE CVE-2015-10076

CWE CWE-89

CVSS 5.5 / MEDIUM

Affected versions

Vendor Dimtion

Product Shaarlier

Affected 1.2.0

Vendor Dimtion

Product Shaarlier

Affected 1.2.1

Vendor Dimtion

Product Shaarlier

Affected 1.2.2