MEDIUM🇵🇱 Wersja polska

CVE-2023-4851

CVSS 6.3v3.1pub. 2023-09-09upd. 2024-11-21

A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239260.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • Ibos

    APP
    Ibos
    4.5.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-28265CRITICAL9.1PL ✓ten sam produkt

IBOS v4.5.5 — podatność umożliwiająca usunięcie dowolnego pliku

CVE-2020-21786CRITICAL9.8ten sam produkt

In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronCon...

CVE-2020-21785HIGH8.8ten sam produkt

In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability.

CVE-2023-4849MEDIUM6.3ten sam produkt

A vulnerability, which was classified as critical, has been found in IBOS OA 4.5.5. Affected by this issue is ...

CVE-2023-4850MEDIUM6.3ten sam produkt

A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of...