Arthur Naullet

Researcher from Orange CERT-CC
#17715 of 53,638
15.2 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1

PT-2023-31545 · CVSS 9.1 · 2023-12-09
Unknown · Izybat Orange Casiers · CVE-2023-50429
**Name of the Vulnerable Software and Affected Versions**
IzyBat Orange casiers before 20230803 1

**Description**
The issue allows SQL injection through the `ensemble` parameter of getEnsemble.php.

**Recommendations**
For IzyBat Orange casiers before 20230803 1, update to version 20230803 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the getEnsemble.php endpoint until a patch is available. Avoid using the `ensemble` parameter in the affected endpoint until the issue is resolved.

PT-2021-23680 · CVSS 6.1 · 2021-11-08
Opnsense · Opnsense · CVE-2021-42770
**Name of the Vulnerable Software and Affected Versions**
OPNsense versions prior to 21.7.4

**Description**
A cross-site scripting (XSS) vulnerability was discovered in OPNsense. It is exploitable through the LDAP attribute return in the authentication tester.

**Recommendations**
For OPNsense versions prior to 21.7.4, update to version 21.7.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the authentication tester until a patch is applied.