Vulnerability Description
A vulnerability has been found in IS_Projecto2 and classified as critical. This vulnerability affects unknown code of the file Cnn-EJB/ejbModule/ejbs/NewsBean.java. The manipulation of the argument date leads to sql injection. The name of the patch is aa128b2c9c9fdcbbf5ecd82c1e92103573017fe0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217192.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Is Projecto2 Project | Is Projecto2 | < 2014-11-12 |
Related Weaknesses (CWE)
References
- https://github.com/rfsimoes/IS_Projecto2/commit/aa128b2c9c9fdcbbf5ecd82c1e921035PatchThird Party Advisory
- https://vuldb.com/?ctiid.217192Third Party Advisory
- https://vuldb.com/?id.217192Third Party Advisory
- https://github.com/rfsimoes/IS_Projecto2/commit/aa128b2c9c9fdcbbf5ecd82c1e921035PatchThird Party Advisory
- https://vuldb.com/?ctiid.217192Third Party Advisory
- https://vuldb.com/?id.217192Third Party Advisory
FAQ
What is CVE-2014-125038?
CVE-2014-125038 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A vulnerability has been found in IS_Projecto2 and classified as critical. This vulnerability affects unknown code of the file Cnn-EJB/ejbModule/ejbs/NewsBean.java. The manipulation of the argument da...
How severe is CVE-2014-125038?
CVE-2014-125038 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-125038?
Check the references section above for vendor advisories and patch information. Affected products include: Is Projecto2 Project Is Projecto2.