Nixpkgs Security Tracker

Dismissed

Permalink CVE-2019-25457

8.2 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): LOW
Availability impact (A): NONE

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 month ago
@LeSuisse removed
2 packages
- tests.home-assistant-component-tests.firmata
- home-assistant-component-tests.firmata
1 month ago
@LeSuisse dismissed 1 month ago

Web Ofisi Firma v13 SQL Injection via oz Parameter

Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz[]' values using time-based blind SQL injection payloads to extract sensitive database information.

References

ExploitDB-47145 exploit
Official Product Homepage product
VulnCheck Advisory: Web Ofisi Firma v13 SQL Injection via oz Parameter third-party-advisory

Affected products

Firma

==v13

Ignored packages (2)

pkgs.home-assistant-component-tests.firmata

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

pkgs.tests.home-assistant-component-tests.firmata

Open source home automation that puts local control and privacy first

nixos-unstable 2026.2.2
- nixpkgs-unstable 2026.2.2
- nixos-unstable-small 2026.2.3

Not present in nixpkgs

Suggestion detail

References

Affected products

pkgs.home-assistant-component-tests.firmata

pkgs.tests.home-assistant-component-tests.firmata