Bug#917099: hoteldruid: CVE-2018-1000871, SQL injection

2018-12-26 Thread Marco M. F. De Santis

Hello Markus,
this bug can be exploited only if you already have access to a hoteldruid
administrator account. Also, it only affects the MySQL database; by default
this Debian package uses SQLite. Anyway, a new version should be out soon.


Regards,
Marco


On 22/12/18 16:39, Markus Koschany wrote:

Package: hoteldruid
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for hoteldruid. I couldn't
find a bug tracker or code repository for hoteldruid but it seems you
are involved in upstream development somehow. Are you aware of this
issue already?

CVE-2018-1000871[0]:
| HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL
| Injection vulnerability in "id_utente_mod" parameter in
| gestione_utenti.php file that can result in An attacker can dump all
| the database records of backend webserver. This attack appear to be
| exploitable via the attack can be done by anyone via specially crafted
| sql query passed to the "id_utente_mod=1" parameter.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1000871
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000871

Please adjust the affected versions in the BTS as needed.

Regards,

Markus





Bug#917099: hoteldruid: CVE-2018-1000871, SQL injection

2018-12-22 Thread Markus Koschany
Package: hoteldruid
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for hoteldruid. I couldn't
find a bug tracker or code repository for hoteldruid but it seems you
are involved in upstream development somehow. Are you aware of this
issue already?

CVE-2018-1000871[0]:
| HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL
| Injection vulnerability in "id_utente_mod" parameter in
| gestione_utenti.php file that can result in An attacker can dump all
| the database records of backend webserver. This attack appear to be
| exploitable via the attack can be done by anyone via specially crafted
| sql query passed to the "id_utente_mod=1" parameter.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1000871
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000871

Please adjust the affected versions in the BTS as needed.

Regards,

Markus
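
Added example (not part of the original thread and not HotelDruid code): a log check a defender could run to spot requests to gestione_utenti.php whose id_utente_mod value is not a plain integer. It assumes common/combined-format access logs, that the parameter appears in the query string, and that legitimate ids are short decimal integers; the sample lines, paths and addresses are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumptions: access logs use the common/combined format, the parameter is sent
# in the query string, and a legitimate id_utente_mod is a short decimal integer.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET_SCRIPT = "gestione_utenti.php"  # file named in the CVE description
TARGET_PARAM = "id_utente_mod"         # parameter named in the CVE description
PLAIN_ID = re.compile(r"[0-9]{1,10}")


def suspicious_values(log_line):
    """Return the id_utente_mod values in one log line that are not plain integers."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith("/" + TARGET_SCRIPT):
        return []
    # parse_qs URL-decodes once and keeps every occurrence of a repeated parameter.
    values = parse_qs(url.query, keep_blank_values=True).get(TARGET_PARAM, [])
    # Report flagged values decoded a second time so double-encoded input is readable.
    return [unquote(v) for v in values if not PLAIN_ID.fullmatch(v)]


def scan(lines):
    """Return (line_number, flagged_values) for every line worth an analyst's look."""
    hits = []
    for number, line in enumerate(lines, 1):
        flagged = suspicious_values(line)
        if flagged:
            hits.append((number, flagged))
    return hits


# Constructed sample log lines (addresses, paths and values are made up).
_FMT = '192.0.2.10 - - [22/Dec/2018:10:00:0{} +0000] "GET {} HTTP/1.1" 200 512'
SAMPLE_LOG = [
    _FMT.format(1, "/hoteldruid/gestione_utenti.php?id_utente_mod=1"),
    _FMT.format(2, "/hoteldruid/gestione_utenti.php?id_utente_mod=1%27"),
    _FMT.format(3, "/hoteldruid/gestione_utenti.php?id_utente_mod=2&id_utente_mod=1%2527"),
    _FMT.format(4, "/hoteldruid/other.php?id_utente_mod=abc"),
]

if __name__ == "__main__":
    for number, flagged in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric {TARGET_PARAM} value(s): {flagged}")
```

Values sent in a POST body do not reach the access log, so this check only covers query-string requests.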


