Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

WS-2017-0152

Good to know:

icon
icon

Date: June 19, 2015

Affected versions of the foundation-sites package are vulnerable to SQL Injection due to not properly escaping the startkey/endkey in the allDocs() function.

Language: Java

Severity Score

Related Resources (3)

https://github.com/zurb/foundation-sites/issues/6639
https://github.com/zurb/foundation-sites/commit/bf57af9429fbe5e4b18e32e951504136df996e10
https://www.mend.io/vulnerability-database/WS-2017-0152

Severity Score

Weakness Type (CWE)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

Top Fix

icon

Upgrade Version

Upgrade to version lionart/edifice - no_fix;zurb/foundation - v5.2.2;zurb/foundation - v5.4.6;zurb/foundation - v5.x-dev;zurb/foundation - 5.0.3;zurb/foundation - v5.3.0;zurb/foundation - v5.2.0;zurb/foundation - v5.4;foundation/foundation-sites - v5.x-dev;foundation/foundation-sites - dev-dependabot/npm_and_yarn/terser-4.8.1;foundation/foundation-sites - v5.5.3;foundation/foundation-sites - v5.2.0;foundation/foundation-sites - dev-dependabot/npm_and_yarn/json5-1.0.2;illarra/core-bundle - no_fix;skullyframework/skully-amazon-s3 - no_fix;tuxone/foundation-bundle - 3.2.3;tuxone/foundation-bundle - no_fix;priithansen/silverstripe-foundation-boilerplate - no_fix;priithansen/silverstripe-foundation-boilerplate - 3.2.5;codenamegary/l4layouts - 0.1.0;codenamegary/l4layouts - no_fix;valicek1/nestraps - v1.1.2;molajo/framework - v0.2;skullyframework/skully-admin - no_fix;skullyframework/skully-admin - v.0.1.7;skullyframework/skully-admin - v0.1.8;skullyframework/skully-admin - v0.1.28;MonoX.CMS.Theme.Default - no_fix;Simplr.Angular.Module.Structure - no_fix;my-oos/my-oos - v2.0.56;designs2/foundation-to-contao - ftc;designs2/foundation-to-contao - no_fix;skullyframework/project - v0.1.0;mapseven/neos-snippets - no_fix;csanquer/twig-front-dev - no_fix;Foundation5.Core.Sass - no_fix;Foundation5.Core.Sass - 5.1.1;itlized/zurb-foundation - no_fix;avantassel/avt-api-docs - no_fix;Foundation5.Core - 5.5.0;SimplrAngularModuleStructure - no_fix;phpugl/dime-timetracker-frontend-bundle - dev-settings;erwin32/nette-foundation-sandbox - no_fix;jayhealey/webception - no_fix;designs2/codeowl_fw_foundation - 2.0.0;codenamegary/l4-skeleton - v0.2;codenamegary/l4-skeleton - no_fix;awecode/awecms - no_fix;Foundation4.Core.Sass - no_fix;agentmedia/phine-project - no_fix;agentmedia/phine-project - v1.0.2;simpletree/yii2foundation - no_fix;linchpinstudios/yii2-foundation - no_fix;bmatzner/foundation-bundle - 5.5.3;rywa/silverstripe-foundation - 1.0.1;molajo/molajo - v0.2;Foundation4.Core - no_fix;2amigos/yiifoundation - no_fix;cundd/noshi-website - no_fix;components/foundation - 4.1.2;foglcz/nestraps - v1.0.0;foundation-sites - 5.5.3;bardis/cms-symfony2 - v1.2.0;org.webjars:foundation:5.0.2;org.webjars:foundation:5.4.5;org.webjars:foundation:5.2.2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE

Do you need more information?

Contact Us