Lucene search
China National Vulnerability DatabaseCNVD-2023-54865HistoryJul 04, 2023 - 12:00 a.m.
IBOS OA SQL Injection Vulnerability
2023-07-0400:00:00
China National Vulnerability Database
www.cnvd.org.cn
4
ibos
sql injection
version 4.5.5
validation
add user handler
attacker
sensitive data
database
0.001 Low
EPSS
Percentile
31.2%
IBOS is a collaborative office management system. A SQL injection vulnerability exists in IBOS OA version 4.5.5, which originates from the lack of validation of the parameter id in the component Add User Handler against externally entered SQL statements, and can be exploited by an attacker to execute illegal SQL commands to steal sensitive database data.
| CPE | Name | Operator | Version |
|---|---|---|---|
| 深圳市博思协创网络科技有限公司 ibos oa | eq | 4.5.5 |
Related
cvelist
cvelist
CVE-2023-3478 IBOS OA Add User edit&op=member actionEdit sql injection
2023-06-30 12:00:03
nvd
nvd
CVE-2023-3478
2023-06-30 12:15:09
cve
cve
CVE-2023-3478
2023-06-30 12:15:09
prion
prion
Sql injection
2023-06-30 12:15:00