XiaoBingBy TeaCMS up to 2.0.2 /admin/getallarticleinfo searchInfo sql injection
A vulnerability has been found in XiaoBingBy TeaCMS up to 2.0.2 and classified as critical. This vulnerability affects unknown code of the file /admin/getallarticleinfo. The manipulation of the argument searchInfo leads to sql injection. Using CWE to declare the problem leads to CWE-89. The weakness was released 03/18/2023. The advisory is available at gitee.com. This vulnerability was named CVE-2023-1483. The attack can be initiated remotely. Technical details are available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1505 by the MITRE ATT&CK project. It is declared as not defined. As 0-day the estimated underground price was around $0-$5k. A possible mitigation has been published before and not just after the disclosure of the vulnerability.