CVE-2023-30323

Опубликовано: 06 июл. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

SQL Injection vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to gain sensitive information.

Ссылки

https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/chatWindow.java#L34:L60
Product
https://payatu.com/advisory/sql-injection-in-chatwindow-functionality-in-chatengine-1-0/
Third Party Advisory
https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/chatWindow.java#L34:L60
Product
https://payatu.com/advisory/sql-injection-in-chatwindow-functionality-in-chatengine-1-0/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:chatengine_project:chatengine:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00065

Низкий

7.5 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-gphx-5ffw-cxgw