PT-2023-18598 · Unknown · Izybat Orange Casiers

Hugo Vovard · Published 2023-01-23 · Updated 2023-02-02 · CVE-2023-22630

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: IzyBat Orange casiers versions before 20221102 1

Description: The issue allows SQL injection via a "getCasier.php?taille=" URI.

Recommendations: For versions before 20221102 1, update to version 20221102 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "getCasier.php" endpoint until a patch is available. Avoid using the taille parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-22630
GHSA-J94F-5CG6-6J9J

Affected Products

Izybat Orange Casiers