CVE-2023-43192 - Vulnerability Details - OpenCVE

SQL injection can exist in a newly created part of the SpringbootCMS 1.0 background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Jrecms	Springbootcms

Configuration 1 [-]

cpe:2.3:a:jrecms:springbootcms:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/etn0tw/cve_sql/blob/main/jfinalcms_sql.md
https://github.com/etn0tw/cve_sql/blob/main/springbootcms_sql.md

History

Tue, 24 Sep 2024 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-09-27T00:00:00

Updated: 2024-09-24T14:24:50.700Z

Reserved: 2023-09-18T00:00:00

Link: CVE-2023-43192

Vulnrichment

Updated: 2024-08-02T19:37:23.418Z

NVD

Status : Modified

Published: 2023-09-27T22:15:09.700

Modified: 2024-11-21T08:23:47.940

Link: CVE-2023-43192

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jrecms:springbootcms:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F34076A4-D906-47FF-A479-CD4F89469925", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SQL injection can exist in a newly created part of the SpringbootCMS 1.0 background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement."}, {"lang": "es", "value": "La inyecci\u00f3n SQL puede existir en una parte reci\u00e9n creada del background de SpringbootCMS 1.0 y los par\u00e1metros enviados por los usuarios no se filtran. Como resultado, los caracteres especiales en los par\u00e1metros destruyen la l\u00f3gica original de las declaraciones SQL. Los atacantes pueden utilizar esta vulnerabilidad para ejecutar cualquier declaraci\u00f3n SQL."}], "id": "CVE-2023-43192", "lastModified": "2024-11-21T08:23:47.940", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-27T22:15:09.700", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link", "Exploit", "Third Party Advisory"], "url": "https://github.com/etn0tw/cve_sql/blob/main/jfinalcms_sql.md"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/etn0tw/cve_sql/blob/main/springbootcms_sql.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Exploit", "Third Party Advisory"], "url": "https://github.com/etn0tw/cve_sql/blob/main/jfinalcms_sql.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/etn0tw/cve_sql/blob/main/springbootcms_sql.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}