XiaoBingBy TeaCMS up to 2.0.2 /admin/getallarticleinfo searchInfo sql injection

EntryHistoryDiffjsonxmlCTI

A vulnerability has been found in XiaoBingBy TeaCMS up to 2.0.2 and classified as critical. This vulnerability affects unknown code of the file /admin/getallarticleinfo. The manipulation of the argument searchInfo leads to sql injection. Using CWE to declare the problem leads to CWE-89. The weakness was released 03/18/2023. The advisory is available at gitee.com. This vulnerability was named CVE-2023-1483. The attack can be initiated remotely. Technical details are available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1505 by the MITRE ATT&CK project. It is declared as not defined. As 0-day the estimated underground price was around $0-$5k. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Field	03/18/2023 09:45	04/11/2023 17:18	04/11/2023 17:26
vendor	XiaoBingBy	XiaoBingBy	XiaoBingBy
name	TeaCMS	TeaCMS	TeaCMS
version	<=2.0.2	<=2.0.2	<=2.0.2
file	/admin/getallarticleinfo	/admin/getallarticleinfo	/admin/getallarticleinfo
argument	searchInfo	searchInfo	searchInfo
cwe	89 (sql injection)	89 (sql injection)	89 (sql injection)
risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rc	R	R	R
url	https://gitee.com/xiaobingby/TeaCMS/issues/I6IJ0K	https://gitee.com/xiaobingby/TeaCMS/issues/I6IJ0K	https://gitee.com/xiaobingby/TeaCMS/issues/I6IJ0K
cve	CVE-2023-1483	CVE-2023-1483	CVE-2023-1483
responsible	VulDB	VulDB	VulDB
date	1679094000 (03/18/2023)	1679094000 (03/18/2023)	1679094000 (03/18/2023)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	6.2	6.2	6.2
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	6.1	6.1	6.1
cvss3_meta_basescore	6.3	6.3	7.5
cvss3_meta_tempscore	6.1	6.1	7.4
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1679094000 (03/18/2023)	1679094000 (03/18/2023)
cve_nvd_summary		A vulnerability has been found in XiaoBingBy TeaCMS up to 2.0.2 and classified as critical. This vulnerability affects unknown code of the file /admin/getallarticleinfo. The manipulation of the argument searchInfo leads to sql injection. The attack can be initiated remotely. VDB-223366 is the identifier assigned to this vulnerability.	A vulnerability has been found in XiaoBingBy TeaCMS up to 2.0.2 and classified as critical. This vulnerability affects unknown code of the file /admin/getallarticleinfo. The manipulation of the argument searchInfo leads to sql injection. The attack can be initiated remotely. VDB-223366 is the identifier assigned to this vulnerability.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			N
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			6.5
cvss3_nvd_basescore			9.8
cvss3_cna_basescore			6.3

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!