Vulnerability Description
A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of the component CSV Import. The manipulation leads to sql injection. Upgrading to version 8.3 is able to address this issue. The patch is identified as c179a3d0703db55cfe0cb939b89593f2e7a87246. It is recommended to upgrade the affected component. VDB-217606 is the identifier assigned to this vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aista | Phosphorus Five | <= 8.2 |
Related Weaknesses (CWE)
References
- https://github.com/polterguy/phosphorusfive/commit/c179a3d0703db55cfe0cb939b8959Patch
- https://github.com/polterguy/phosphorusfive/releases/tag/v8.3Release Notes
- https://vuldb.com/?ctiid.217606Permissions RequiredThird Party Advisory
- https://vuldb.com/?id.217606Third Party Advisory
- https://github.com/polterguy/phosphorusfive/commit/c179a3d0703db55cfe0cb939b8959Patch
- https://github.com/polterguy/phosphorusfive/releases/tag/v8.3Release Notes
- https://vuldb.com/?ctiid.217606Permissions RequiredThird Party Advisory
- https://vuldb.com/?id.217606Third Party Advisory
FAQ
What is CVE-2018-25070?
CVE-2018-25070 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of th...
How severe is CVE-2018-25070?
CVE-2018-25070 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-25070?
Check the references section above for vendor advisories and patch information. Affected products include: Aista Phosphorus Five.