18 matches found
CVE-2023-29047
Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible...
EUVD-2021-13491
Malware in sbrugna...
CVE-2023-29047
Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible...
CVE-2023-29047
Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible...
CVE-2023-26454
Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could b...
Input validation
Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible...
CVE-2023-29047
Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible...
CVE-2023-29047
The CVE-2023-29047 entry concerns Open-Xchange App Suite’s Imageconverter API endpoints, where input validation and sanitization were insufficient, allowing SQL injection. Affected software component: Imageconverter API endpoints (Open-Xchange App Suite). Root cause: inadequate client input valid...
CVE-2023-26452
Open-Xchange App Suite's imageconverter service is affected by an SQL injection vulnerability triggered when caching an image and returning its metadata, allowing arbitrary SQL statements to execute in the service DB user context. Exploitation requires access to adjacent networks (not exposed pub...
PT-2023-22111 · Unknown · Imageconverter
Name of the Vulnerable Software and Affected Versions: Imageconverter (affected versions not specified). Description: The issue arises from Imageconverter API endpoints not sufficiently validating and sanitizing client input, allowing the injection of arbitrary SQL statements. An attacker with acces...
PT-2023-20645 · Unknown · Imageconverter Service
Name of the Vulnerable Software and Affected Versions: imageconverter service (affected versions not specified). Description: The issue allows requests to cache an image and return its metadata to be abused, including SQL queries that would be executed unchecked. Exploiting this requires at least...
PT-2023-20647 · Unknown · Imageconverter Service
Name of the Vulnerable Software and Affected Versions: imageconverter service (affected versions not specified). Description: The issue allows requests to fetch image metadata to be abused, including SQL queries that would be executed unchecked. This requires at least access to adjacent networks of...
Open-Xchange App Suite SQL Injection Vulnerability
Open-Xchange App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite that stems from the Imageconverter API's inability to adequately validate and clean up client input, potentially leading to SQL injection...
CVE-2021-26699
OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used...
CVE-2021-26699
OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used...
Server-side request forgery (SSRF)
OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used...
CVE-2021-26699
OX App Suite (Open-Xchange) is affected by CVE-2021-26699 via SSRF in the imageconverter handling of SVG documents when the .png extension is used. The vulnerability targets the backend component and arises from mishandling a shared SVG document, enabling Server-Side Request Forgery. Vulnerable v...
CVE-2021-26699
OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used...