2 matches found
CVE-2023-33178
The CVE-2023-33178 issue affects Xibo CMS and is a SQL injection vulnerability in the /dataset/data/{id} API route. An authenticated user can exfiltrate data by injecting crafted values into the filter parameter, and the case-sensitive deny-list check allowed bypasses. Affected versions: 1.4.0 up...
CVE-2023-33178 Sensitive Information Disclosure abusing SQL Injection in Xibo CMS dataset filter
Xibo is a content management system CMS. An SQL injection vulnerability was discovered in the /dataset/data/id API route inside the CMS starting in version 1.4.0 and prior to versions 2.3.17 and 3.3.5. This allows an authenticated user to exfiltrate data from the Xibo database by injecting...