Vulnerability Description
A vulnerability has been found in DBRisinajumi d2files and classified as critical. Affected by this vulnerability is the function actionUpload/actionDownloadFile of the file controllers/D2filesController.php. The manipulation leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The identifier of the patch is b5767f2ec9d0f3cbfda7f13c84740e2179c90574. It is recommended to upgrade the affected component. The identifier VDB-217561 was assigned to this vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Weberp | D2Files | < 1.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/DBRisinajumi/d2files/commit/b5767f2ec9d0f3cbfda7f13c84740e217PatchThird Party Advisory
- https://github.com/DBRisinajumi/d2files/releases/tag/1.0.0Third Party Advisory
- https://vuldb.com/?ctiid.217561Permissions RequiredThird Party Advisory
- https://vuldb.com/?id.217561Permissions RequiredThird Party Advisory
- https://github.com/DBRisinajumi/d2files/commit/b5767f2ec9d0f3cbfda7f13c84740e217PatchThird Party Advisory
- https://github.com/DBRisinajumi/d2files/releases/tag/1.0.0Third Party Advisory
- https://vuldb.com/?ctiid.217561Permissions RequiredThird Party Advisory
- https://vuldb.com/?id.217561Permissions RequiredThird Party Advisory
FAQ
What is CVE-2015-10018?
CVE-2015-10018 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A vulnerability has been found in DBRisinajumi d2files and classified as critical. Affected by this vulnerability is the function actionUpload/actionDownloadFile of the file controllers/D2filesControl...
How severe is CVE-2015-10018?
CVE-2015-10018 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-10018?
Check the references section above for vendor advisories and patch information. Affected products include: Weberp D2Files.