CVE-2018-25070

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-25070
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-25070.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-25070
Published
2023-01-07T11:15:08Z
Modified
2025-01-08T10:19:49.526181Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of the component CSV Import. The manipulation leads to sql injection. Upgrading to version 8.3 is able to address this issue. The patch is identified as c179a3d0703db55cfe0cb939b89593f2e7a87246. It is recommended to upgrade the affected component. VDB-217606 is the identifier assigned to this vulnerability.

References

Affected packages

Git / github.com/polterguy/phosphorusfive

Affected ranges

Type
GIT
Repo
https://github.com/polterguy/phosphorusfive
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v1.*

v1.0
v1.0-BETA
v1.0-BETA10
v1.0-BETA11
v1.0-BETA12
v1.0-BETA13
v1.0-BETA14
v1.0-BETA15
v1.0-BETA16
v1.0-BETA17
v1.0-BETA18
v1.0-BETA19
v1.0-BETA2
v1.0-BETA20
v1.0-BETA21
v1.0-BETA22
v1.0-BETA3
v1.0-BETA4
v1.0-BETA5
v1.0-BETA6
v1.0-BETA7
v1.0-BETA8
v1.0-BETA9
v1.0-RC1
v1.0-RC2
v1.0-RC3
v1.1
v1.1-BETA1

v2.*

v2.0
v2.1
v2.2

v3.*

v3.0
v3.1
v3.2
v3.3

v4.*

v4.0
v4.0-2
v4.0-BETA1
v4.0-BETA2
v4.0-RC1
v4.0-RC2
v4.0-x
v4.1
v4.2
v4.3
v4.4
v4.5
v4.7
v4.8BETA
v4.9
v4.95
v4.96

v5.*

v5.0
v5.1
v5.5
v5.7
v5.8
v5.9

v6.*

v6.0
v6.1
v6.2

v7.*

v7.0
v7.2

v8.*

v8.0
v8.1
v8.1.1
v8.2