Search criteria
1 vulnerability by jfm-so
CVE-2017-20168 (GCVE-0-2017-20168)
Vulnerability from cvelistv5 ā Published: 2023-01-11 14:54 ā Updated: 2025-04-09 13:51
VLAI
Title
jfm-so piWallet api.php sql injection
Summary
A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The patch is identified as b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix this issue. VDB-218006 is the identifier assigned to this vulnerability.
Severity
5.5 (Medium)
5.5 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.218006 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.218006 | signaturepermissions-required |
| https://github.com/jfm-so/piWallet/pull/23 | issue-tracking |
| https://github.com/jfm-so/piWallet/commit/b420f8cā¦ | patch |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:26.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.218006"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.218006"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/jfm-so/piWallet/pull/23"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/jfm-so/piWallet/commit/b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20168",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T13:51:16.070041Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T13:51:25.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "piWallet",
"vendor": "jfm-so",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The patch is identified as b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix this issue. VDB-218006 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in jfm-so piWallet ausgemacht. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei api.php. Durch Manipulieren des Arguments key mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T11:48:28.996Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.218006"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.218006"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/jfm-so/piWallet/pull/23"
},
{
"tags": [
"patch"
],
"url": "https://github.com/jfm-so/piWallet/commit/b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-01-11T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-01-11T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-02-01T16:47:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "jfm-so piWallet api.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20168",
"datePublished": "2023-01-11T14:54:54.495Z",
"dateReserved": "2023-01-11T14:54:19.795Z",
"dateUpdated": "2025-04-09T13:51:25.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}