PT-2023-26188 · Unknown · Weaver E-Cology

Hiroki Sawada
Published 2023-07-20 · Updated 2024-05-17
CVE-2023-3793
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the vulnerable software and affected versions: Weaver e-cology versions prior to 10.58.0
Description: A critical issue affects the HTTP POST Request Handler component of Weaver e-cology, specifically the file FileDownloadForOutDoc.class. Manipulating the fileid argument with the input 1+WAITFOR+DELAY leads to SQL injection.
Recommendations: Upgrade to version 10.58.0 to address this issue. As a temporary workaround, restrict the values accepted for the fileid argument in the HTTP POST Request Handler to prevent SQL injection attacks.
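The following Python is an added illustrative example, not Weaver's code: the table, column names and form-field handling are assumptions, and an in-memory SQLite database stands in for the product's database. It contrasts the string-concatenation pattern behind this class of bug with the mitigation the recommendation describes (a strict allowlist on fileid followed by a parameterized query), and adds a small detection helper that flags POST bodies whose decoded fileid fails the same allowlist, using the advisory's own input shape as a constructed sample.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Allowlist for the fileid argument: ASCII decimal digits only, bounded length.
# [0-9] is used instead of \d so Unicode digit classes are not accepted.
# The advisory's input "1+WAITFOR+DELAY" decodes to "1 WAITFOR DELAY" and fails this check.
FILEID_PATTERN = re.compile(r"[0-9]{1,10}")


def validate_fileid(raw: str) -> int:
    """Return fileid as an int, or raise ValueError for any non-numeric value."""
    if FILEID_PATTERN.fullmatch(raw) is None:
        raise ValueError(f"rejected fileid: {raw!r}")
    return int(raw)


def build_demo_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the product's document table
    (table and column names are assumptions, not Weaver's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE outdoc_files (fileid INTEGER PRIMARY KEY, path TEXT)")
    conn.executemany(
        "INSERT INTO outdoc_files VALUES (?, ?)",
        [(1, "/docs/contract-1.pdf"), (2, "/docs/report-2.pdf")],
    )
    return conn


def lookup_path_vulnerable(conn: sqlite3.Connection, raw_fileid: str):
    """Anti-pattern behind this class of bug: the request value is spliced into
    the SQL text, so the database parses whatever the client sent as SQL.
    With a non-numeric value SQLite raises OperationalError; a server that
    understands the injected syntax would execute it instead."""
    sql = f"SELECT path FROM outdoc_files WHERE fileid = {raw_fileid}"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_path_hardened(conn: sqlite3.Connection, raw_fileid: str):
    """Validate first, then bind the value as a parameter so it is only ever
    data to the database, never SQL syntax."""
    fileid = validate_fileid(raw_fileid)
    row = conn.execute(
        "SELECT path FROM outdoc_files WHERE fileid = ?", (fileid,)
    ).fetchone()
    return row[0] if row else None


def flag_suspicious_fileid(post_body: str) -> list:
    """Detection helper for a WAF or request-log pipeline: decode an
    application/x-www-form-urlencoded POST body and return every decoded
    fileid value that fails the allowlist."""
    fields = parse_qs(post_body, keep_blank_values=True)
    return [v for v in fields.get("fileid", []) if FILEID_PATTERN.fullmatch(v) is None]


# Constructed sample POST bodies (not captured from any real system); the
# second carries the input shape named in the advisory.
SAMPLE_BODIES = [
    "fileid=12&download=1",
    "fileid=1+WAITFOR+DELAY&download=1",
]

if __name__ == "__main__":
    db = build_demo_db()
    print(lookup_path_hardened(db, "1"))
    for body in SAMPLE_BODIES:
        print(body, "->", flag_suspicious_fileid(body))
```

The allowlist is deliberately stricter than "not a SQL keyword": rejecting everything that is not a short run of ASCII digits avoids maintaining a blocklist of injection tokens, and the parameter binding in the query means that even a value which slipped past validation would be compared as data rather than parsed as SQL.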

Fix

SQL injection


Weakness enumeration

Related identifiers

CVE-2023-3793

Affected products

Weaver E-Cology