MEDIUM🇬🇧 English

CVE-2023-4851

CVSS 6.3v3.1pub. 2023-09-09upd. 2024-11-21

A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239260.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • Ibos

    APP
    Ibos
    4.5.5
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2024-28265CRITICAL9.1PL ✓ten sam produkt

IBOS v4.5.5 — podatność umożliwiająca usunięcie dowolnego pliku

CVE-2020-21786CRITICAL9.8ten sam produkt

In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronCon...

CVE-2020-21785HIGH8.8ten sam produkt

In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability.

CVE-2023-4849MEDIUM6.3ten sam produkt

A vulnerability, which was classified as critical, has been found in IBOS OA 4.5.5. Affected by this issue is ...

CVE-2023-4850MEDIUM6.3ten sam produkt

A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of...