MEDIUM🇵🇱 Wersja polska

CVE-2023-4850

CVSS 6.3v3.1pub. 2023-09-09upd. 2024-11-21

A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=dashboard/position/del. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239259.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • Ibos

    APP
    Ibos
    4.5.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-28265CRITICAL9.1PL ✓ten sam produkt

IBOS v4.5.5 — podatność umożliwiająca usunięcie dowolnego pliku

CVE-2020-21786CRITICAL9.8ten sam produkt

In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronCon...

CVE-2020-21785HIGH8.8ten sam produkt

In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability.

CVE-2023-4849MEDIUM6.3ten sam produkt

A vulnerability, which was classified as critical, has been found in IBOS OA 4.5.5. Affected by this issue is ...

CVE-2023-4851MEDIUM6.3ten sam produkt

A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown...