Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

1 vulnerability found for Advance-Flow Forms by OSK Co., LTD

JVNDB-2014-000099

Vulnerability from jvndb - Published: 2014-08-19 12:35 - Updated:2014-08-20 16:26
Severity ?
N/A (UNKNOWN) - -
Summary
Advance-Flow vulnerable to SQL injection
Details
Advance-Flow provided by OSK Co., LTD contains an issue in processing input data, which may result in SQL injection. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000099.html",
  "dc:date": "2014-08-20T16:26+09:00",
  "dcterms:issued": "2014-08-19T12:35+09:00",
  "dcterms:modified": "2014-08-20T16:26+09:00",
  "description": "Advance-Flow provided by OSK Co., LTD contains an issue in processing input data, which may result in SQL injection.\r\n\r\nYoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000099.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:osk:advance-flow",
      "@product": "Advance-Flow",
      "@vendor": "OSK Co., LTD",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:osk:advance-flow_forms",
      "@product": "Advance-Flow Forms",
      "@vendor": "OSK Co., LTD",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "7.5",
    "@severity": "High",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2014-000099",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN20812625/index.html",
      "@id": "JVN#20812625",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3906",
      "@id": "CVE-2014-3906",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3906",
      "@id": "CVE-2014-3906",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-89",
      "@title": "SQL Injection(CWE-89)"
    }
  ],
  "title": "Advance-Flow vulnerable to SQL injection"
}