How severe is CVE-2015-10091?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2015-10091?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2015-10091 - HIGH Severity | CVSS 7.2

Vulnerability Description

A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 9513b93c828dfbc4413f9e0df63647401aaf4e58. It is recommended to apply a patch to fix this issue. VDB-222322 is the identifier assigned to this vulnerability.

Related Vulnerabilities

CVE-2006-5738

HIGH

CVSS:7.2(High)

Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.

CWE-892006

CVE-2014-6045

HIGH

CVSS:7.2(High)

SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function.

CWE-892014

CVE-2015-2062

HIGH

CVSS:7.2(High)

Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide paramete...

CWE-892015

CVE-2015-5533

HIGH

CVSS:7.2(High)

SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_...

CWE-892015

CVE-2015-5591

HIGH

CVSS:7.2(High)

SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands.

CWE-892015

CVE-2015-7338

HIGH

CVSS:7.2(High)

SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php.

CWE-892015