CVEブラウザに戻る

CVE-2017-9436

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0860%

EPSS Percentile18.68th

Published2017年6月5日

Last Modified2026年5月13日

Vulnerability Description

TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.

Affected Platforms (CPE)

📦

Teampass

Teampass

= 2.1.20.0

📦

Teampass

Teampass

= 2.1.22.0

📦

Teampass

Teampass

= 2.1.23.1

📦

Teampass

Teampass

= 2.1.23.2

📦

Teampass

Teampass

= 2.1.23.3

📦

Teampass

Teampass

= 2.1.23.4

📦

Teampass

Teampass

= 2.1.24.0

📦

Teampass

Teampass

= 2.1.24.1

📦

Teampass

Teampass

= 2.1.24.2

📦

Teampass

Teampass

= 2.1.24.3

📦

Teampass

Teampass

= 2.1.24.4

📦

Teampass

Teampass

= 2.1.25.0

📦

Teampass

Teampass

= 2.1.25.1

📦

Teampass

Teampass

= 2.1.25.2

📦

Teampass

Teampass

= 2.1.26

📦

Teampass

Teampass

= 2.1.26.0

📦

Teampass

Teampass

= 2.1.26.1

📦

Teampass

Teampass

= 2.1.26.2

📦

Teampass

Teampass

= 2.1.26.3

📦

Teampass

Teampass

= 2.1.26.4

📦

Teampass

Teampass

= 2.1.26.5

📦

Teampass

Teampass

= 2.1.26.6

📦

Teampass

Teampass

= 2.1.26.7

📦

Teampass

Teampass

= 2.1.26.8

📦

Teampass

Teampass

= 2.1.26.9

📦

Teampass

Teampass

= 2.1.26.10

📦

Teampass

Teampass

= 2.1.26.11

📦

Teampass

Teampass

= 2.1.26.12

📦

Teampass

Teampass

= 2.1.26.13

📦

Teampass

Teampass

= 2.1.26.14

📦

Teampass

Teampass

= 2.1.26.15

📦

Teampass

Teampass

= 2.1.26.16

📦

Teampass

Teampass

= 2.1.26.17

📦

Teampass

Teampass

= 2.1.26.18

📦

Teampass

Teampass

= 2.1.26.19

📦

Teampass

Teampass

= 2.1.27.0

📦

Teampass

Teampass

= 2.1.27.1

📦

Teampass

Teampass

= 2.1.27.2

📦

Teampass

Teampass

= 2.1.27.3

References & Advisories

🔗 https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md

🔗 https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md

関連する脆弱性情報

CVE-2015-75649.8

Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via...

CVE-2019-10000019.8

TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults t...

CVE-2020-124798.8

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request w...

CVE-2015-75638.8

Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authenticatio...