CyberSec.Space Logo
Back to CVE Browser

CVE-2018-18476

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1400%
EPSS Percentile41.80th
PublishedOct 24, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns.

Affected Platforms (CPE)

πŸ“¦
Nedap

Mysql Binuuid Rails

<= 1.1.0

References & Advisories

πŸ”— https://gist.github.com/viraptor/881276ea61e8d56bac6e28454c79f1e6
πŸ”— https://github.com/nedap/mysql-binuuid-rails/pull/18
πŸ”— https://gist.github.com/viraptor/881276ea61e8d56bac6e28454c79f1e6
πŸ”— https://github.com/nedap/mysql-binuuid-rails/pull/18

Related Vulnerabilities

CVE-2018-100065210.0

JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosur...

CVE-2018-1051110.0

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request for...

CVE-2018-377410.0

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, ...

CVE-2018-100064410.0

Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files...