SQL Injection Vulnerability in SimpleSAMLphp Proxystatistics Module
CVE-2019-15537

9.8CRITICAL

Key Information:

Vendor: Cesnet
Status: Proxystatistics
Vendor: CVE Published:; 23 August 2019

What is CVE-2019-15537?

The proxystatistics module for SimpleSAMLphp prior to version 3.1.0 is prone to SQL injection, which occurs in the DatabaseCommand.php file. Attackers can exploit this vulnerability to execute arbitrary SQL commands, potentially compromising the integrity and confidentiality of the database. It is crucial for users of affected versions to update to version 3.1.0 or later to mitigate the risk associated with this vulnerability.

References

https://github.com/CESNET/proxystatistics-simplesamlphp-m...

x_refsource_MISC

https://github.com/CESNET/proxystatistics-simplesamlphp-m...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 23, 2019
Vulnerability Reserved
Aug 23, 2019

CVE-2019-15537 Data

JSON

Cesnet

What is CVE-2019-15537?

References

CVSS V3.1

Timeline