Zhong Bang CRMEB Java hasta 1.3.4 list getAdminList cateId sql injection

Una vulnerabilidad ha sido encontrada en Zhong Bang CRMEB Java hasta 1.3.4 y clasificada como crítica. La función getAdminList del archivo /api/admin/store/product/list es afectada por esta vulnerabilidad. Mediante la manipulación del parámetro cateId de un input desconocido se causa una vulnerabilidad de clase sql injection. El advisory puede ser descargado de github.com. La vulnerabilidad es identificada como CVE-2023-1608. El ataque puede ser realizado a través de la red. Los detalles técnicos son conocidos. Fue declarado como proof-of-concept. El exploit puede ser descargado de github.com. Una solución posible ha sido publicada antes y no simplemente después de la publicación de la vulnerabilidad.

Campo2023-04-13 18:002023-04-13 18:082024-03-29 04:26
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rcURURUR
cvss2_vuldb_auSSS
cvss2_vuldb_rlNDNDND
cvss3_vuldb_prLLL
cvss3_vuldb_rlXXX
cvss2_vuldb_basescore6.56.56.5
cvss2_vuldb_tempscore5.65.65.6
cvss3_vuldb_basescore6.36.36.3
cvss3_vuldb_tempscore5.75.75.7
cvss3_meta_basescore6.37.57.5
cvss3_meta_tempscore5.77.37.3
price_0day$0-$5k$0-$5k$0-$5k
vendorZhong BangZhong BangZhong Bang
nameCRMEB JavaCRMEB JavaCRMEB Java
version<=1.3.4<=1.3.4<=1.3.4
file/api/admin/store/product/list/api/admin/store/product/list/api/admin/store/product/list
functiongetAdminListgetAdminListgetAdminList
argumentcateIdcateIdcateId
cwe89 (sql injection)89 (sql injection)89 (sql injection)
risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_ePPP
cvss3_vuldb_rcRRR
identifier111111
urlhttps://github.com/crmeb/crmeb_java/issues/11https://github.com/crmeb/crmeb_java/issues/11https://github.com/crmeb/crmeb_java/issues/11
availability111
publicity111
urlhttps://github.com/crmeb/crmeb_java/issues/11https://github.com/crmeb/crmeb_java/issues/11https://github.com/crmeb/crmeb_java/issues/11
cveCVE-2023-1608CVE-2023-1608CVE-2023-1608
responsibleVulDBVulDBVulDB
date1679526000 (2023-03-23)1679526000 (2023-03-23)1679526000 (2023-03-23)
typeProgramming Language SoftwareProgramming Language SoftwareE-Commerce Management Software
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cve_assigned1679526000 (2023-03-23)1679526000 (2023-03-23)1679526000 (2023-03-23)
cve_nvd_summaryA vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been declared as critical. This vulnerability affects the function getAdminList of the file /api/admin/store/product/list. The manipulation of the argument cateId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-223738 is the identifier assigned to this vulnerability.A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been declared as critical. This vulnerability affects the function getAdminList of the file /api/admin/store/product/list. The manipulation of the argument cateId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-223738 is the identifier assigned to this vulnerability.A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been declared as critical. This vulnerability affects the function getAdminList of the file /api/admin/store/product/list. The manipulation of the argument cateId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-223738 is the identifier assigned to this vulnerability.
cvss3_nvd_avNN
cvss3_nvd_acLL
cvss3_nvd_prNN
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cHH
cvss3_nvd_iHH
cvss3_nvd_aHH
cvss2_nvd_avNN
cvss2_nvd_acLL
cvss2_nvd_auSS
cvss2_nvd_ciPP
cvss2_nvd_iiPP
cvss2_nvd_aiPP
cvss3_cna_avNN
cvss3_cna_acLL
cvss3_cna_prLL
cvss3_cna_uiNN
cvss3_cna_sUU
cvss3_cna_cLL
cvss3_cna_iLL
cvss3_cna_aLL
cve_cnaVulDBVulDB
cvss2_nvd_basescore6.56.5
cvss3_nvd_basescore9.89.8
cvss3_cna_basescore6.36.3
cvss4_vuldb_avN
cvss4_vuldb_acL
cvss4_vuldb_prL
cvss4_vuldb_uiN
cvss4_vuldb_vcL
cvss4_vuldb_viL
cvss4_vuldb_vaL
cvss4_vuldb_eP
cvss4_vuldb_atN
cvss4_vuldb_scN
cvss4_vuldb_siN
cvss4_vuldb_saN
cvss4_vuldb_bscore5.3
cvss4_vuldb_btscore2.1

AnteriorVisión De ConjuntoPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!