Update CVE-2023-39796.yaml
Ritik Chaddha
GitHub
parent
7851d8dc92
commit
0c02d70c96
|
|
@ -8,18 +8,17 @@ info:
|
||||||
There is an sql injection vulnerability in "miniform module" which is a default module installed in the WBCE cms. It is an unauthenticated sqli so anyone could access it and takeover the whole database. In file "/modules/miniform/ajax_delete_message.php" there is no authentication check. On line 40 in this file, there is a DELETE query that is vulnerable, an attacker could jump from the query using the tick sign - `.
|
There is an sql injection vulnerability in "miniform module" which is a default module installed in the WBCE cms. It is an unauthenticated sqli so anyone could access it and takeover the whole database. In file "/modules/miniform/ajax_delete_message.php" there is no authentication check. On line 40 in this file, there is a DELETE query that is vulnerable, an attacker could jump from the query using the tick sign - `.
|
||||||
remediation: Fixed in version 1.6.1
|
remediation: Fixed in version 1.6.1
|
||||||
reference:
|
reference:
|
||||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39796
|
- https://forum.wbce.org/viewtopic.php?pid=42046#p42046
|
||||||
https://forum.wbce.org/viewtopic.php?pid=42046#p42046
|
- https://github.com/WBCE/WBCE_CMS/releases/tag/1.6.1
|
||||||
https://github.com/WBCE/WBCE_CMS/releases/tag/1.6.1
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
cvss-score: 9.8
|
cvss-score: 9.8
|
||||||
cve-id: CVE-2023-39796
|
cve-id: CVE-2023-39796
|
||||||
|
cwe-id: CWE-89
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
verified: true
|
verified: true
|
||||||
shodan-query: html:"/wbce/"
|
tags: cve,cve2023,sqli,wbce,intrusive
|
||||||
tags: cve,cve2023,sqli,wbce
|
|
||||||
|
|
||||||
http:
|
http:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue