{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2017-20168", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-01-11T14:54:19.795Z", "datePublished": "2023-01-11T14:54:54.495Z", "dateUpdated": "2025-04-09T13:51:25.061Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-20T11:48:28.996Z"}, "title": "jfm-so piWallet api.php sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 SQL Injection"}]}], "affected": [{"vendor": "jfm-so", "product": "piWallet", "versions": [{"version": "n/a", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The patch is identified as b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix this issue. VDB-218006 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "Eine kritische Schwachstelle wurde in jfm-so piWallet ausgemacht. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei api.php. Durch Manipulieren des Arguments key mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.2, "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"}}], "timeline": [{"time": "2023-01-11T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-01-11T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-01-11T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-02-01T16:47:48.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "VulDB GitHub Commit Analyzer", "type": "tool"}], "references": [{"url": "https://vuldb.com/?id.218006", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.218006", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/jfm-so/piWallet/pull/23", "tags": ["issue-tracking"]}, {"url": "https://github.com/jfm-so/piWallet/commit/b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb", "tags": ["patch"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:45:26.019Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.218006", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.218006", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/jfm-so/piWallet/pull/23", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://github.com/jfm-so/piWallet/commit/b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb", "tags": ["patch", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-09T13:51:16.070041Z", "id": "CVE-2017-20168", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-09T13:51:25.061Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.218006", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.218006", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/jfm-so/piWallet/pull/23", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://github.com/jfm-so/piWallet/commit/b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb", "tags": ["patch", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:45:26.019Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2017-20168", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-09T13:51:16.070041Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-09T13:51:20.790Z"}}], "cna": {"title": "jfm-so piWallet api.php sql injection", "credits": [{"lang": "en", "type": "tool", "value": "VulDB GitHub Commit Analyzer"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.2, "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"}}], "affected": [{"vendor": "jfm-so", "product": "piWallet", "versions": [{"status": "affected", "version": "n/a"}]}], "timeline": [{"lang": "en", "time": "2023-01-11T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2023-01-11T00:00:00.000Z", "value": "CVE reserved"}, {"lang": "en", "time": "2023-01-11T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2023-02-01T16:47:48.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.218006", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.218006", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/jfm-so/piWallet/pull/23", "tags": ["issue-tracking"]}, {"url": "https://github.com/jfm-so/piWallet/commit/b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The patch is identified as b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix this issue. VDB-218006 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "Eine kritische Schwachstelle wurde in jfm-so piWallet ausgemacht. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei api.php. Durch Manipulieren des Arguments key mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 SQL Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-20T11:48:28.996Z"}}}, "cveMetadata": {"cveId": "CVE-2017-20168", "state": "PUBLISHED", "dateUpdated": "2025-04-09T13:51:25.061Z", "dateReserved": "2023-01-11T14:54:19.795Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2023-01-11T14:54:54.495Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:piwallet_project:piwallet:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2640407-7C2D-4ECE-9D91-F1731C81761F", "versionEndExcluding": "2017-03-26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The patch is identified as b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix this issue. VDB-218006 is the identifier assigned to this vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en jfm-so piWallet. Ha sido calificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo api.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n de la clave del argumento conduce a la inyecci\u00f3n SQL. El parche se identifica como b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. Se recomienda aplicar un parche para solucionar este problema. VDB-218006 es el identificador asignado a esta vulnerabilidad."}], "id": "CVE-2017-20168", "lastModified": "2024-11-21T03:22:47.710", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.2, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-11T15:15:09.000", "references": [{"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/jfm-so/piWallet/commit/b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb"}, {"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/jfm-so/piWallet/pull/23"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.218006"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?id.218006"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/jfm-so/piWallet/commit/b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/jfm-so/piWallet/pull/23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.218006"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?id.218006"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}