CyberSec.Space Logo
Back to CVE Browser

CVE-2015-7564

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1320%
EPSS Percentile4.74th
PublishedApr 12, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.

Affected Platforms (CPE)

πŸ“¦
Teampass

Teampass

<= 2.1.24

References & Advisories

πŸ”— https://github.com/nilsteampassnet/TeamPass/pull/1140
πŸ”— https://www.exploit-db.com/exploits/39559/
πŸ”— https://github.com/nilsteampassnet/TeamPass/pull/1140
πŸ”— https://www.exploit-db.com/exploits/39559/

Related Vulnerabilities

CVE-2019-10000019.8

TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults t...

CVE-2017-94369.8

TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.

CVE-2020-124798.8

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request w...

CVE-2015-75638.8

Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authenticatio...