CVE-2019-1010034: SQL Injection
First published: Mon Jul 15 2019(Updated: )
Deepwoods Software WebLibrarian 3.5.2 and earlier is affected by: SQL Injection. The impact is: Exposing the entire database. The component is: Function "AllBarCodes" (defined at database_code.php line 1018) is vulnerable to a boolean-based blind sql injection. This function call can be triggered by any user logged-in with at least Volunteer role or manage_circulation capabilities. PoC : /wordpress/wp-admin/admin.php?page=weblib-circulation-desk&orderby=title&order=DESC.
Credit: josh@bress.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Deepsoft Weblibrarian | <=3.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2019-1010034.
What is the severity of CVE-2019-1010034?
The severity of CVE-2019-1010034 is medium.
How does CVE-2019-1010034 impact the system?
CVE-2019-1010034 exposes the entire database due to SQL Injection.
Which component of Deepwoods Software WebLibrarian is affected by CVE-2019-1010034?
The component affected by CVE-2019-1010034 is the function "AllBarCodes" defined at line 1018 of database_code.php.
How can I fix CVE-2019-1010034 in Deepwoods Software WebLibrarian?
To fix CVE-2019-1010034 in Deepwoods Software WebLibrarian, update to a version later than 3.5.2 and ensure proper input validation and sanitization to prevent SQL Injection.
- collector/nvd-index
- vendor/deepsoft
- canonical/deepsoft weblibrarian
- version/deepsoft weblibrarian/3.5.2