Home > Vulnerability Database > CVE-2015-10057

Mend.io Vulnerability Database

CVE-2015-10057

Date: January 16, 2023

A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/class.securelogin.php of the component Password Reset Handler. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.2 is able to address this issue. The identifier of the patch is 07ba8273a9311d1383f3686ac7cb32f20770ab1e. It is recommended to upgrade the affected component. The identifier VDB-218401 was assigned to this vulnerability.

Language: PHP

Severity Score

4.6

Related Resources (6)

Url: https://vuldb.com/?id.218401

Url: https://github.com/little-apps/little-software-stats/commit/07ba8273a9311d1383f3686ac7cb32f20770ab1e

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-10057

Url: https://github.com/little-apps/little-software-stats/releases/tag/v0.2

Url: https://vuldb.com/?ctiid.218401

Url: https://www.mend.io/vulnerability-database/CVE-2015-10057

Severity Score

4.6

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	4.6
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	4.0
Access Vector (AV):	ADJACENT
Access Complexity (AC):	HIGH
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-10057

Date: January 16, 2023

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?