Lucene search

MitreCVE-2023-23563

HistoryAug 22, 2023 - 7:16 p.m.

CVE-2023-23563

2023-08-2219:16:32

CWE-89

mitre

web.nvd.nist.gov

cve-2023-23563

geomatika isigeo web

sql injection

nvd

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

49.8%

JSON

An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to obtain sensitive database content via SQL Injection.

Affected configurations

Nvd

Node

geomatikaisigeo_webMatch6.0

VendorProductVersionCPE
geomatikaisigeo_web6.0cpe:2.3:a:geomatika:isigeo_web:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
geomatika	isigeo_web	6.0	cpe:2.3:a:geomatika:isigeo_web:6.0:::::::*

References

github.com/Orange-Cyberdefense/CVE-repository

github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/poc_geomatika_isigeoweb.md

www.geomatika.fr/isigeo-web/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

49.8%

JSON

Related for CVE-2023-23563