GHSA-w4f3-7f7c-x652

Source

https://github.com/advisories/GHSA-w4f3-7f7c-x652

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-w4f3-7f7c-x652/GHSA-w4f3-7f7c-x652.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-w4f3-7f7c-x652

Aliases

CVE-2021-26830

Published

2022-03-18T17:49:01Z

Modified

2024-02-16T08:17:27.314636Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

SQL Injection in tribalsystems/zenario

Details

SQL Injection in Tribalsystems Zenario CMS 8.8.52729 and prior allows remote attackers to access the database or delete the plugin. This is accomplished via the ID input field of ajax.php in the Pugin library - delete module.

Database specific

{
    "nvd_published_at": "2021-04-16T18:15:00Z",
    "cwe_ids": [
        "CWE-89"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-06T22:39:06Z"
}

References

Affected packages

Packagist / tribalsystems/zenario

Package

Name: tribalsystems/zenario
Purl: pkg:composer/tribalsystems/zenario

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.8.53370

Affected versions

7.*

7.5.40440

7.5.41006

7.5.41499

7.5.41633

7.5.42085

7.5.42990

7.5.47180

7.6.41504

7.6.41633

7.6.42085

7.6.42990

7.6.47180

7.7.42682

7.7.42963

7.7.42990

7.7.44223

7.7.47180

7.7.47369

7.7.48583

8.*

8.0.44237

8.0.44273

8.0.44294

8.0.44521

8.0.45032

8.0.45250

8.0.45529

8.0.47180

8.0.48583

8.1.45530

8.1.45698

8.1.46089

8.1.46433

8.1.46615

8.1.47180

8.1.47369

8.1.48583

8.2.46436

8.2.46614

8.2.47180

8.2.47369

8.2.47992

8.2.48583

8.3.47997

8.3.48583

8.3.50564

8.4.50565

8.4.51340

8.5.50567

8.5.50837

8.5.51340

8.6.51342

8.7

8.8