PT-2023-23322 · Evasys · Evasys

Bsc

Published

2023-05-02

Updated

2023-05-09

CVE-2023-31433

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions evasys versions prior to 8.2 Build 2286 evasys versions 9.x prior to 9.0 Build 2401

Description A SQL injection issue in Logbuch in evasys allows authenticated attackers to execute SQL statements via the welche parameter.

Recommendations For evasys versions prior to 8.2 Build 2286, update to version 8.2 Build 2286 or later. For evasys versions 9.x prior to 9.0 Build 2401, update to version 9.0 Build 2401 or later. As a temporary workaround, consider restricting access to the welche parameter to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2023-31433

Affected Products

Evasys

PT-2023-23322 · Evasys · Evasys

CVE-2023-31433

Weakness Enumeration

Related Identifiers

Affected Products

References · 5