PT-2017-9354 · Cybozu · Cybozu Garoon

Published: 2017-06-09 · Updated: 2017-06-13 · CVE-2016-7803

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cybozu Garoon versions 3.0.0 through 4.2.2

Description

The issue allows remote authenticated attackers to execute arbitrary SQL commands via the "MultiReport" function. This can potentially lead to unauthorized data access or modification.

Recommendations

For Cybozu Garoon versions 3.0.0 through 4.2.2, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the "MultiReport" function to minimize the risk of exploitation.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2016-7803

Affected Products

Cybozu Garoon