CVE-2023-45800

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

I

mproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1.

References

Link	Resource
https://hanbiro.com/	Product
https://hanbiro.com/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:hanbiro:groupware:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:27

Type	Values Removed	Values Added
References	~~() https://hanbiro.com/ - Product~~	() https://hanbiro.com/ - Product

Information

Published : 2023-12-13 02:15

Updated : 2024-11-21 08:27

NVD link : CVE-2023-45800

Mitre link : CVE-2023-45800

CVE.ORG link : CVE-2023-45800

JSON object : View

Products Affected

groupware

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2023-45800", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-12-13T02:15:07.323", "references": [{"url": "https://hanbiro.com/", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://hanbiro.com/", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1.\n\n"}, {"lang": "es", "value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en el software colaborativo Hanbiro Hanbiro permite la obtenci\u00f3n de informaci\u00f3n. Este problema afecta al software colaborativo Hanbiro: desde V3.8.79 antes de V3.8.81.1."}], "lastModified": "2024-11-21T08:27:22.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hanbiro:groupware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A78D52F3-B19F-4BBD-9EE1-613EF89C79F0", "versionEndExcluding": "3.8.81.1", "versionStartIncluding": "3.8.79"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}