Blind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query.
References
Link | Resource |
---|---|
https://github.com/andreysanyuk/CVE-2023-42284 | Exploit Third Party Advisory |
https://github.com/andreysanyuk/CVE-2023-42284 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:22
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/andreysanyuk/CVE-2023-42284 - Exploit, Third Party Advisory |
14 Nov 2023, 20:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:tyk:tyk:5.0.3:*:*:*:*:*:*:* | |
References | () https://github.com/andreysanyuk/CVE-2023-42284 - Exploit, Third Party Advisory | |
CWE | CWE-89 | |
First Time |
Tyk tyk
Tyk |
07 Nov 2023, 12:14
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-07 08:15
Updated : 2024-11-21 08:22
NVD link : CVE-2023-42284
Mitre link : CVE-2023-42284
CVE.ORG link : CVE-2023-42284
JSON object : View
Products Affected
tyk
- tyk
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')