Lucene search

GitHub Advisory DatabaseGHSA-4PQP-69M3-F8PP

HistoryMar 23, 2023 - 9:30 p.m.

NotrinosERP vulnerable to SQL Injection

2023-03-2321:30:19

CWE-89

GitHub Advisory Database

github.com

notrinoserp

v0.7

sql injection

vulnerability

sales module

customer delivery

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

60.4%

JSON

NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php.

Affected configurations

Vulners

Node

notrinosnotrinoserpRange≤0.7

VendorProductVersionCPE
notrinosnotrinoserp*cpe:2.3:a:notrinos:notrinoserp:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
notrinos	notrinoserp	*	cpe:2.3:a:notrinos:notrinoserp::::::::

References

packetstormsecurity.com/files/171804/NotrinosERP-0.7-SQL-Injection.html

github.com/advisories/GHSA-4pqp-69m3-f8pp

github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.md

github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.py

github.com/arvandy/CVE/blob/main/NotrinosERP/POC.md

github.com/notrinos/NotrinosERP

nvd.nist.gov/vuln/detail/CVE-2023-24788

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

60.4%

JSON

Related for GHSA-4PQP-69M3-F8PP