CVE-2023-38995

An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:schuhfried:schuhfried:*:*:*:*:*:*:*:*

History

05 Mar 2024, 20:24

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-798
First Time Schuhfried
Schuhfried schuhfried
References () https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2023-38995-Schuhfried-Preauth-PrivEsc.pdf - () https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2023-38995-Schuhfried-Preauth-PrivEsc.pdf - Exploit, Technical Description, Third Party Advisory
CPE cpe:2.3:a:schuhfried:schuhfried:*:*:*:*:*:*:*:*

07 Feb 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-07 20:15

Updated : 2024-03-05 20:24


NVD link : CVE-2023-38995

Mitre link : CVE-2023-38995

CVE.ORG link : CVE-2023-38995


JSON object : View

Products Affected

schuhfried

  • schuhfried
CWE
CWE-798

Use of Hard-coded Credentials