CVE-2014-125083

Description

A vulnerability has been found in Anant Labs google-enterprise-connector-dctm up to 3.2.3 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/domain leads to sql injection. The patch is named 6fba04f18ab7764002a1da308e7cd9712b501cb7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218911.

CVSS breakdown

CVSS 3.1

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Affected products

Anant Labs / google-enterprise-connector-dctm3.2.0 – 3.2.0
Anant Labs / google-enterprise-connector-dctm3.2.1 – 3.2.1
Anant Labs / google-enterprise-connector-dctm3.2.2 – 3.2.2
Anant Labs / google-enterprise-connector-dctm3.2.3 – 3.2.3

References

MISChttps://vuldb.com/?id.218911
MISChttps://vuldb.com/?ctiid.218911
PATCHhttps://github.com/AnantLabs/google-enterprise-connector-dctm/commit/6fba04f18ab7764002a1da308e7cd9712b501cb7