CVE-2023-43192

Опубликовано: 27 сент. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

SQL injection can exist in a newly created part of the SpringbootCMS 1.0 background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement.

Ссылки

https://github.com/etn0tw/cve_sql/blob/main/jfinalcms_sql.md
Broken Link
Exploit
Third Party Advisory
https://github.com/etn0tw/cve_sql/blob/main/springbootcms_sql.md
Exploit
Third Party Advisory
https://github.com/etn0tw/cve_sql/blob/main/jfinalcms_sql.md
Broken Link
Exploit
Third Party Advisory
https://github.com/etn0tw/cve_sql/blob/main/springbootcms_sql.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jrecms:springbootcms:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00167

Низкий

8.8 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-q396-xfjm-r6q8

CVSS3: 9.8

github

больше 2 лет назад

SQL injection can exist in a newly created part of the JFinalcms background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement.