PT-2023-17087 · Datagear · Datagear

Yangyanglo

Publicado

2023-03-22

Atualizado

2024-05-17

CVE-2023-1571

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions DataGear versions up to 4.5.0

Description A critical issue was found in DataGear, affecting an unknown part of the file /analysisProject/pagingQueryData. The manipulation of the queryOrder argument leads to sql injection. It is possible to initiate the attack remotely.

Recommendations For versions up to 4.5.0, upgrade to version 4.5.1 to address this issue. As a temporary workaround, consider restricting access to the /analysisProject/pagingQueryData endpoint until the issue is resolved. Avoid using the queryOrder argument in the affected endpoint until the issue is resolved.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2023-1571

Produtos afetados

Datagear

PT-2023-17087 · Datagear · Datagear

CVE-2023-1571

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6