Lucene search

INCIBECVELIST:CVE-2023-3743

HistoryJul 18, 2023 - 11:56 a.m.

CVE-2023-3743 SQL injection vulnerability in LeoTheme's Ap Page Builder

2023-07-1811:56:05

CWE-89

INCIBE

www.cve.org

sql injection

leotheme

ap page builder

remote attacker

database retrieval

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

53.9%

JSON

Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the product_one_img parameter to retrieve the information stored in the database.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Ap Page Builder",
    "vendor": "LeoTheme",
    "versions": [
      {
        "lessThan": "1.7.8.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-leothemes-ap-page-builder

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

53.9%

JSON

Related for CVELIST:CVE-2023-3743