CVE-2023-3793

A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql injection. Upgrading to version 10.58.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-235061 was assigned to this vulnerability.
References
Link Resource
https://vuldb.com/?ctiid.235061 Permissions Required Third Party Advisory
https://vuldb.com/?id.235061 Permissions Required Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*

History

28 Jul 2023, 00:22

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
First Time Weaver e-cology
Weaver
CPE cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*
References (MISC) https://vuldb.com/?id.235061 - (MISC) https://vuldb.com/?id.235061 - Permissions Required, Third Party Advisory
References (MISC) https://vuldb.com/?ctiid.235061 - (MISC) https://vuldb.com/?ctiid.235061 - Permissions Required, Third Party Advisory

20 Jul 2023, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-20 20:15

Updated : 2024-05-17 02:27


NVD link : CVE-2023-3793

Mitre link : CVE-2023-3793

CVE.ORG link : CVE-2023-3793


JSON object : View

Products Affected

weaver

  • e-cology
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')