CVE-2018-25070
low-risk
Published 2023-01-07
A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of the component CSV Import. The manipulation leads to sql injection. Upgrading to version 8.3 is able to address this issue. The patch is identified as c179a3d0703db55cfe0cb939b89593f2e7a87246. It is recommended to upgrade the affected component. VDB-217606 is the identifier assigned to this vulnerability.
Do I need to act?
-
0.35% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10
Medium
ADJACENT_NETWORK
/ LOW complexity
Affected Products (1)
Phosphorus Five
Affected Vendors
References (8)
Permissions Required
https://vuldb.com/?ctiid.217606
Third Party Advisory
https://vuldb.com/?id.217606
Permissions Required
https://vuldb.com/?ctiid.217606
Third Party Advisory
https://vuldb.com/?id.217606
24
/ 100
low-risk
Severity
18/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal