CVE-2015-0842 — yubiserver before 0.6 is prone to SQL injection issues, potentially leading to a... | CVE Daily

Critical CVSS 9.8

Overview

yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.

CWE: CWE-89 Published: 2025-06-26T22:15:24.503

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.8 (CRITICAL)
Detected tags: sql, unauth_access (tag impact: HIGH)

Recommended actions:

Use parameterized queries/ORM (avoid string concatenation).
Add WAF rules and input validation.
Enforce authentication/authorization; reduce default endpoint exposure.

Recommended tools

Tags