CVE-2015-7564: TeamPass vulnerable to SQL Injection

May 17, 2022 (updated April 22, 2025)

Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.

References

github.com/advisories/GHSA-r64j-5w3w-fp49
github.com/nilsteampassnet/TeamPass
github.com/nilsteampassnet/TeamPass/pull/1140
nvd.nist.gov/vuln/detail/CVE-2015-7564
www.exploit-db.com/exploits/39559

Code Behaviors & Features

Detect and mitigate CVE-2015-7564 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →