{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2017-20168","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2023-01-11T14:54:19.795Z","datePublished":"2023-01-11T14:54:54.495Z","dateUpdated":"2025-04-09T13:51:25.061Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2023-10-20T11:48:28.996Z"},"title":"jfm-so piWallet api.php sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"CWE-89 SQL Injection"}]}],"affected":[{"vendor":"jfm-so","product":"piWallet","versions":[{"version":"n/a","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The patch is identified as b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix this issue. VDB-218006 is the identifier assigned to this vulnerability."},{"lang":"de","value":"Eine kritische Schwachstelle wurde in jfm-so piWallet ausgemacht. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei api.php. Durch Manipulieren des Arguments key mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":5.5,"vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":5.5,"vectorString":"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5.2,"vectorString":"AV:A/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2023-01-11T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2023-01-11T00:00:00.000Z","lang":"en","value":"CVE reserved"},{"time":"2023-01-11T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2023-02-01T16:47:48.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"VulDB GitHub Commit Analyzer","type":"tool"}],"references":[{"url":"https://vuldb.com/?id.218006","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.218006","tags":["signature","permissions-required"]},{"url":"https://github.com/jfm-so/piWallet/pull/23","tags":["issue-tracking"]},{"url":"https://github.com/jfm-so/piWallet/commit/b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb","tags":["patch"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T21:45:26.019Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.218006","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.218006","tags":["signature","permissions-required","x_transferred"]},{"url":"https://github.com/jfm-so/piWallet/pull/23","tags":["issue-tracking","x_transferred"]},{"url":"https://github.com/jfm-so/piWallet/commit/b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb","tags":["patch","x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-04-09T13:51:16.070041Z","id":"CVE-2017-20168","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-09T13:51:25.061Z"}}]}}