以下是从网页截图中提取的关于漏洞的关键信息,使用简洁的Markdown格式呈现: --- 漏洞概述 Vulnerability ID: VDB-220453, CVE-2015-10076, GCVE-100-220453 Severity: Critical Affected Versions: Dimtion Shaarlier up to 1.2.2 漏洞详情 Component: File: Function: CVE: CVE-2015-10076 CWE: CWE-89 (SQL Injection) Impact: Affects confidentiality, integrity, and availability 漏洞描述 A vulnerability was found in up to version which affects the function. This component uses external input for SQL command construction, leading to a SQL injection vulnerability when sent to a downstream component. 技术细节与修复 Vulnerability Presented Date: 02/08/2023 Advisory ID: No Exploit Available MITRE ATT&CK: T1505 technique used 修复与缓解措施 Upgrade: Version 1.2.3 or later Patch: Available at GitHub Best Mitigation: Upgrade to the latest version