PT-2022-15928 · Xmpie · Xmpie Ustore
Matt Schmidt +1 · Published 2022-02-07 · Updated 2023-08-08 · CVE-2022-23320
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
XMPie uStore version 12.3.7244.0
Description
XMPie uStore allows administrators to generate reports based on raw SQL queries. Because the application ships with default administrative credentials, an attacker may authenticate to the application and exfiltrate sensitive information from the database.
Recommendations
For XMPie uStore version 12.3.7244.0, change the default administrative credentials to prevent unauthorized access. Consider also restricting the ability to generate reports based on raw SQL queries, to minimize the risk of sensitive information exfiltration.
Weakness Enumeration
Improper Authentication
Affected Products
Xmpie Ustore