CVE-2015-7564 nilsteampassnet/teampass

Package

Manager: composer
Name: nilsteampassnet/teampass
Vulnerable Version: >=0 <2.1.25

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.01891 (percentile: 0.8248)

Details

TeamPass vulnerable to SQL Injection

Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.

Metadata

Created: 2022-05-17T02:49:24Z
Modified: 2025-04-22T17:33:24Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r64j-5w3w-fp49/GHSA-r64j-5w3w-fp49.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-r64j-5w3w-fp49
Finding: F297
Auto approve: 1