Primary

Context

Apache VCL SQL Injection Vulnerability in Block Allocation Form

Vulnerability

Patched

A SQL injection vulnerability has been identified in Apache VCL versions 2.2 through 2.5.1. This vulnerability allows users to manipulate form data when requesting a new Block Allocation, potentially altering a SELECT SQL statement. However, the data returned by the SELECT statement is not accessible to the attacker.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate SQL queries and potentially access or modify database information.

Remediation

Users are advised to upgrade to Apache VCL version 2.5.2, which addresses this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

0.6

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

0.6

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache VCL SQL Injection Vulnerability in Block Allocation Form

Vulnerability

Impact

Remediation

Affected Products

Apache VCL

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating