Search criteria
1 vulnerability by xintian_smart_table_integrated_management_system_project
CVE-2023-4867 (GCVE-0-2023-4867)
Vulnerability from cvelistv5 – Published: 2023-09-10 00:00 – Updated: 2024-08-02 07:38
VLAI
Title
Xintian Smart Table Integrated Management System Added Site Page AddUpdateSites.aspx sql injection
Summary
A vulnerability was found in Xintian Smart Table Integrated Management System 5.6.9. It has been classified as critical. Affected is an unknown function of the file /SysManage/AddUpdateSites.aspx of the component Added Site Page. The manipulation of the argument TbxSiteName leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239352.
Severity
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.239352 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.239352 | signaturepermissions-required |
| https://github.com/fortunate888/cve/blob/main/sql… | broken-linkexploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Xintian | Smart Table Integrated Management System |
Affected:
5.6.9
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.239352"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.239352"
},
{
"tags": [
"broken-link",
"exploit",
"x_transferred"
],
"url": "https://github.com/fortunate888/cve/blob/main/sql_inject_1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Added Site Page"
],
"product": "Smart Table Integrated Management System",
"vendor": "Xintian",
"versions": [
{
"status": "affected",
"version": "5.6.9"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "fortunate (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Xintian Smart Table Integrated Management System 5.6.9. It has been classified as critical. Affected is an unknown function of the file /SysManage/AddUpdateSites.aspx of the component Added Site Page. The manipulation of the argument TbxSiteName leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239352."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in Xintian Smart Table Integrated Management System 5.6.9 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei /SysManage/AddUpdateSites.aspx der Komponente Added Site Page. Durch die Manipulation des Arguments TbxSiteName mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T07:40:46.449Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.239352"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.239352"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/fortunate888/cve/blob/main/sql_inject_1.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-09-09T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-09-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-04T15:25:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "Xintian Smart Table Integrated Management System Added Site Page AddUpdateSites.aspx sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4867",
"datePublished": "2023-09-10T00:00:16.942Z",
"dateReserved": "2023-09-09T08:11:06.902Z",
"dateUpdated": "2024-08-02T07:38:00.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}