j-nowak workout-organizer sql injection
CVE-2015-10034

5.5MEDIUM

Key Information:

Vendor: J-nowak
Status: Workout-organizer
Vendor: CVE Published:; 9 January 2023

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2015-10034?

A vulnerability has been found in j-nowak workout-organizer and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. The patch is identified as 13cd6c3d1210640bfdb39872b2bb3597aa991279. It is recommended to apply a patch to fix this issue. VDB-217714 is the identifier assigned to this vulnerability.

Affected Version(s)

workout-organizer

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2015-10034
Created by andrenasx

References

https://vuldb.com/?id.217714

vdb-entrytechnical-description

https://vuldb.com/?ctiid.217714

signaturepermissions-required

https://github.com/j-nowak/workout-organizer/commit/13cd6...

patch

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jul 1, 2023
👾
Exploit known to exist
Jul 1, 2023
Vulnerability published
Jan 9, 2023
Vulnerability Reserved
Jan 9, 2023

Credit

VulDB GitHub Commit Analyzer

CVE-2015-10034 Data

JSON

J-nowak