CVE-2023-34249

Опубликовано: 13 июн. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, benjjvi/PyBB is vulnerable to SQL Injection. This vulnerability has been fixed as of commit dcaeccd37198ecd3e41ea766d1099354b60d69c2. As a workaround, a user may be able to update the software manually to avoid this problem by sanitizing user queries to BulletinDatabaseModule.py.

Ссылки

https://github.com/benjjvi/PyBB/commit/dcaeccd37198ecd3e41ea766d1099354b60d69c2
Patch
https://github.com/benjjvi/PyBB/security/advisories/GHSA-5qrx-fgxq-95gg
Mitigation
Patch
Third Party Advisory
https://github.com/benjjvi/PyBB/commit/dcaeccd37198ecd3e41ea766d1099354b60d69c2
Patch
https://github.com/benjjvi/PyBB/security/advisories/GHSA-5qrx-fgxq-95gg
Mitigation
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pybb_project:pybb:*:*:*:*:*:*:*:*

Версия до 0.1.0 (исключая)

EPSS

Процентиль: 21%

0.00067

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89