CVE-2023-33180
CVE-2023-33180 affects Xibo CMS. An SQL injection in the /display/map API route allows an authenticated user to exfiltrate data from the Xibo database via crafted values in the bounds parameter. Vulnerable versions: 3.2.0 through 3.3.2. Fix: upgrade to version 3.3.5 (upgrading is the recommended ...