CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-18476

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1400%
EPSS Percentile41.80th
Published2018年10月24日
Last Modified2024年11月21日

Vulnerability Description

mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns.

Affected Platforms (CPE)

📦
Nedap

Mysql Binuuid Rails

<= 1.1.0

References & Advisories

🔗 https://gist.github.com/viraptor/881276ea61e8d56bac6e28454c79f1e6
🔗 https://github.com/nedap/mysql-binuuid-rails/pull/18
🔗 https://gist.github.com/viraptor/881276ea61e8d56bac6e28454c79f1e6
🔗 https://github.com/nedap/mysql-binuuid-rails/pull/18

関連する脆弱性情報

CVE-2018-556010.0

A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One...

CVE-2018-431010.0

An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10....

CVE-2018-010110.0

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could ...

CVE-2018-487210.0

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006...