{"containers": {"cna": {"affected": [{"product": "ProcessMaker Enterprise", "vendor": "ProcessMaker", "versions": [{"status": "affected", "version": "ProcessMaker Enterprise Core 3.0.1.7-community"}]}], "datePublic": "2017-07-19T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Multiple exploitable SQL Injection vulnerabilities exists in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain setups access the underlying operating system."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "SQL injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-19T19:17:28.000Z", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0313"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "DATE_PUBLIC": "2017-07-19T00:00:00", "ID": "CVE-2016-9048", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ProcessMaker Enterprise", "version": {"version_data": [{"version_value": "ProcessMaker Enterprise Core 3.0.1.7-community"}]}}]}, "vendor_name": "ProcessMaker"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple exploitable SQL Injection vulnerabilities exists in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain setups access the underlying operating system."}]}, "impact": {"cvss": {"baseScore": 7.4, "baseSeverity": "High", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "SQL injection"}]}]}, "references": {"reference_data": [{"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0313", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0313"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:42:09.816Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0313"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2016-9048", "datePublished": "2018-09-10T16:00:00.000Z", "dateReserved": "2016-10-26T00:00:00.000Z", "dateUpdated": "2024-09-16T22:40:42.051Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:processmaker:processmaker:3.0.1.7:*:*:*:community:*:*:*", "matchCriteriaId": "1884CA02-FE5F-4176-8A5E-7A9EDA663CFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:processmaker:processmaker:3.0.1.7:*:*:*:enterprise:*:*:*", "matchCriteriaId": "42F4E29D-3EC9-4F56-B260-7334C6FBEECA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple exploitable SQL Injection vulnerabilities exists in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain setups access the underlying operating system."}, {"lang": "es", "value": "Existen m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en ProcessMaker Enterprise Core 3.0.1.7-community. Las peticiones web especialmente manipuladas pueden provocar una inyecci\u00f3n SQL. Un atacante puede enviar una petici\u00f3n web con par\u00e1metros que contienen ataques de inyecci\u00f3n SQL para desencadenar esta vulnerabilidad, lo que podr\u00eda permitir la exfiltraci\u00f3n de la base de datos, credenciales de usuario y, en ciertas instalaciones, el sistema operativo subyacente"}], "id": "CVE-2016-9048", "lastModified": "2024-11-21T03:00:30.240", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 3.1, "impactScore": 3.7, "source": "talos-cna@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 3.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-10T16:29:00.793", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0313"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0313"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}