CVE-2023-27167

Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://suprema.com	Broken Link
https://biostar2.ciklum.net/api/users/absence?search_month=1	Broken Link
https://packetstormsecurity.com/files/171523/Suprema-BioStar-2-2.8.16-SQL-Injection.html	Exploit Third Party Advisory VDB Entry
https://protey.net/threads/cve-2023-27167-suprema-biostar-2-v2-8-16-sql-injection.995/	Exploit Third Party Advisory
https://www.linkedin.com/in/yuriy-tsarenko-a1453aa4/	Permissions Required
http://suprema.com	Broken Link
https://biostar2.ciklum.net/api/users/absence?search_month=1	Broken Link
https://packetstormsecurity.com/files/171523/Suprema-BioStar-2-2.8.16-SQL-Injection.html	Exploit Third Party Advisory VDB Entry
https://protey.net/threads/cve-2023-27167-suprema-biostar-2-v2-8-16-sql-injection.995/	Exploit Third Party Advisory
https://www.linkedin.com/in/yuriy-tsarenko-a1453aa4/	Permissions Required

Configurations

Configuration 1 (hide)

cpe:2.3:a:supremainc:biostar_2:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:52

Type	Values Removed	Values Added
References	~~() http://suprema.com - Broken Link~~	() http://suprema.com - Broken Link
References	~~() https://biostar2.ciklum.net/api/users/absence?search_month=1 - Broken Link~~	() https://biostar2.ciklum.net/api/users/absence?search_month=1 - Broken Link
References	~~() https://packetstormsecurity.com/files/171523/Suprema-BioStar-2-2.8.16-SQL-Injection.html - Exploit, Third Party Advisory, VDB Entry~~	() https://packetstormsecurity.com/files/171523/Suprema-BioStar-2-2.8.16-SQL-Injection.html - Exploit, Third Party Advisory, VDB Entry
References	~~() https://protey.net/threads/cve-2023-27167-suprema-biostar-2-v2-8-16-sql-injection.995/ - Exploit, Third Party Advisory~~	() https://protey.net/threads/cve-2023-27167-suprema-biostar-2-v2-8-16-sql-injection.995/ - Exploit, Third Party Advisory
References	~~() https://www.linkedin.com/in/yuriy-tsarenko-a1453aa4/ - Permissions Required~~	() https://www.linkedin.com/in/yuriy-tsarenko-a1453aa4/ - Permissions Required

Information

Published : 2023-03-29 17:15

Updated : 2024-11-21 07:52

NVD link : CVE-2023-27167

Mitre link : CVE-2023-27167

CVE.ORG link : CVE-2023-27167

JSON object : View

Products Affected

supremainc

biostar_2

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

6.5 /10