CVE-2013-10009 - OpenCVE

A vulnerability was found in DrAzraelTod pyChao and classified as critical. Affected by this issue is the function klauen/lesen of the file mod_fun/__init__.py. The manipulation leads to sql injection. The patch is identified as 9d8adbc07c384ba51c2583ce0819c9abb77dc648. It is recommended to apply a patch to fix this issue. VDB-217634 is the identifier assigned to this vulnerability.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pychao Project	Pychao

Configuration 1 [-]

cpe:2.3:a:pychao_project:pychao:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/DrAzraelTod/pyChao/commit/9d8adbc07c384ba51c2583ce0819c9abb77dc648
https://github.com/DrAzraelTod/pyChao/pull/1
https://vuldb.com/?ctiid.217634
https://vuldb.com/?id.217634

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-01-07T19:44:44.713Z

Updated: 2024-08-06T18:09:16.984Z

Reserved: 2023-01-07T19:44:17.175Z

Link: CVE-2013-10009

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-01-07T20:15:08.887

Modified: 2024-05-17T00:54:44.800

Link: CVE-2013-10009

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2013-10009", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-01-07T19:44:17.175Z", "datePublished": "2023-01-07T19:44:44.713Z", "dateUpdated": "2024-08-06T18:09:16.984Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-12T08:53:44.970Z"}, "title": "DrAzraelTod pyChao __init__.py lesen sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 SQL Injection"}]}], "affected": [{"vendor": "DrAzraelTod", "product": "pyChao", "versions": [{"version": "n/a", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in DrAzraelTod pyChao and classified as critical. Affected by this issue is the function klauen/lesen of the file mod_fun/__init__.py. The manipulation leads to sql injection. The patch is identified as 9d8adbc07c384ba51c2583ce0819c9abb77dc648. It is recommended to apply a patch to fix this issue. VDB-217634 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "Eine Schwachstelle wurde in DrAzraelTod pyChao gefunden. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion klauen/lesen der Datei mod_fun/__init__.py. Durch Beeinflussen mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 9d8adbc07c384ba51c2583ce0819c9abb77dc648 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.2, "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"}}], "timeline": [{"time": "2023-01-07T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-01-07T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-01-07T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-01-30T07:41:58.000Z", "lang": "en", "value": "VulDB last update"}], "credits": [{"lang": "en", "value": "VulDB GitHub Commit Analyzer", "type": "tool"}], "references": [{"url": "https://vuldb.com/?id.217634", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.217634", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/DrAzraelTod/pyChao/pull/1", "tags": ["issue-tracking"]}, {"url": "https://github.com/DrAzraelTod/pyChao/commit/9d8adbc07c384ba51c2583ce0819c9abb77dc648", "tags": ["patch"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:09:16.984Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.217634", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.217634", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/DrAzraelTod/pyChao/pull/1", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://github.com/DrAzraelTod/pyChao/commit/9d8adbc07c384ba51c2583ce0819c9abb77dc648", "tags": ["patch", "x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pychao_project:pychao:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5014CC5-59D5-41D5-958B-EFBF6F5E578A", "versionEndExcluding": "2013-11-03", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in DrAzraelTod pyChao and classified as critical. Affected by this issue is the function klauen/lesen of the file mod_fun/__init__.py. The manipulation leads to sql injection. The patch is identified as 9d8adbc07c384ba51c2583ce0819c9abb77dc648. It is recommended to apply a patch to fix this issue. VDB-217634 is the identifier assigned to this vulnerability."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en DrAzraelTod pyChao y se ha clasificado como cr\u00edtica. La funci\u00f3n klauen/lesen del archivo mod_fun/__init__.py es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la inyecci\u00f3n de SQL. El parche se identifica como 9d8adbc07c384ba51c2583ce0819c9abb77dc648. Se recomienda aplicar un parche para solucionar este problema. VDB-217634 es el identificador asignado a esta vulnerabilidad."}], "id": "CVE-2013-10009", "lastModified": "2024-05-17T00:54:44.800", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.2, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-01-07T20:15:08.887", "references": [{"source": "cna@vuldb.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/DrAzraelTod/pyChao/commit/9d8adbc07c384ba51c2583ce0819c9abb77dc648"}, {"source": "cna@vuldb.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/DrAzraelTod/pyChao/pull/1"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.217634"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?id.217634"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}]}