CyberSec.Space Logo
返回 CVE 浏览器

CVE-2015-7564

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1320%
EPSS Percentile4.74th
Published2017年4月12日
Last Modified2026年5月13日

Vulnerability Description

Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.

Affected Platforms (CPE)

📦
Teampass

Teampass

<= 2.1.24

References & Advisories

🔗 https://github.com/nilsteampassnet/TeamPass/pull/1140
🔗 https://www.exploit-db.com/exploits/39559/
🔗 https://github.com/nilsteampassnet/TeamPass/pull/1140
🔗 https://www.exploit-db.com/exploits/39559/

相关漏洞威胁

CVE-2019-10000019.8

TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults t...

CVE-2017-94369.8

TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.

CVE-2020-124798.8

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request w...

CVE-2015-75638.8

Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authenticatio...