CVE-2023-45800

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://hanbiro.com/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:hanbiro:groupware:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-12-13 02:15

Updated : 2023-12-15 18:50

NVD link : CVE-2023-45800

Mitre link : CVE-2023-45800

CVE.ORG link : CVE-2023-45800

JSON object : View

Products Affected

hanbiro

groupware

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2023-45800", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "vuln@krcert.or.kr", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-12-13T02:15:07.323", "references": [{"url": "https://hanbiro.com/", "tags": ["Product"], "source": "vuln@krcert.or.kr"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Secondary", "source": "vuln@krcert.or.kr", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1.\n\n"}, {"lang": "es", "value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en el software colaborativo Hanbiro Hanbiro permite la obtenci\u00f3n de informaci\u00f3n. Este problema afecta al software colaborativo Hanbiro: desde V3.8.79 antes de V3.8.81.1."}], "lastModified": "2023-12-15T18:50:06.017", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hanbiro:groupware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A78D52F3-B19F-4BBD-9EE1-613EF89C79F0", "versionEndExcluding": "3.8.81.1", "versionStartIncluding": "3.8.79"}], "operator": "OR"}]}], "sourceIdentifier": "vuln@krcert.or.kr"}