Shibby Tomato tomatodata.cgi get_ups_field stack-based overflow_CVE-2026-10065

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X

Description

A weakness has been identified in Shibby Tomato 1.28. This vulnerability affects the function get_ups_field of the file tomatodata.cgi. Executing a manipulation of the argument Date can lead to stack-based buffer overflow. It is possible to launch the attack remotely. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.

Basic Information

ID CVE-2026-10065

Source VulDB

Published May 29, 2026 at 15:00

Affected Product

Vendor Shibby

Product Tomato

Version 1.28

Affected Versions Shibby Tomato 1.28

CWE Classification

CWE-121 CWE-119

References

{
    "lastseen": "",
    "description": "A weakness has been identified in Shibby Tomato 1.28. This vulnerability affects the function get_ups_field of the file tomatodata.cgi. Executing a manipulation of the argument Date can lead to stack-based buffer overflow. It is possible to launch the attack remotely. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.",
    "published": "2026-05-29T15:00:18.193Z",
    "modified": "2026-05-29T15:00:18.193Z",
    "type": "cve",
    "title": "Shibby Tomato tomatodata.cgi get_ups_field stack-based overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/367151\nhttps://vuldb.com/vuln/367151/cti\nhttps://vuldb.com/submit/818144\nhttps://gitee.com/Fengyi-Wang/CVE/issues/IJK7BC",
    "id": "CVE-2026-10065",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Shibby Tomato 1.28",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Tomato",
    "version": "1.28",
    "vendor": "Shibby",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}