CVE-2023-48118

Опубликовано: 22 янв. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 allows a remote attacker to execute arbitrary code via a crafted request to the Common.svc WSDL page.

Ссылки

https://github.com/el-dud3rino/CVE-Disclosures/blob/main/Quest%20Analytics%20IQCRM/Proof%20of%20Concept
Exploit
https://github.com/el-dud3rino/CVE-Disclosures/blob/main/README.md
Third Party Advisory
https://www.quest-analytics.com/
Product
https://github.com/el-dud3rino/CVE-Disclosures/blob/main/Quest%20Analytics%20IQCRM/Proof%20of%20Concept
Exploit
https://github.com/el-dud3rino/CVE-Disclosures/blob/main/README.md
Third Party Advisory
https://www.quest-analytics.com/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:quest-analytics:iqcrm:2023.9.5:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01297

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-x22g-h3w3-4m5v