Lucene search
K

4 matches found

OSV
OSV
added 2023/11/02 2:15 p.m.6 views

CVE-2023-26454

Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could b...

8.8CVSS5.8AI score0.00371EPSS
Exploits0References2
CVE
CVE
added 2023/11/02 1:0 p.m.58 views

CVE-2023-26452

Open-Xchange App Suite's imageconverter service is affected by an SQL injection vulnerability triggered when caching an image and returning its metadata, allowing arbitrary SQL statements to execute in the service DB user context. Exploitation requires access to adjacent networks (not exposed pub...

8.8CVSS8.7AI score0.00371EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/02 12:0 a.m.6 views

PT-2023-20645 · Unknown · Imageconverter Service

Name of the Vulnerable Software and Affected Versions: imageconverter service affected versions not specified Description: The issue allows requests to cache an image and return its metadata to be abused, including SQL queries that would be executed unchecked. Exploiting this requires at least...

8.8CVSS8.7AI score0.00371EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2023/11/02 12:0 a.m.6 views

PT-2023-20647 · Unknown · Imageconverter Service

Name of the Vulnerable Software and Affected Versions: imageconverter service affected versions not specified Description: The issue allows requests to fetch image metadata to be abused, including SQL queries that would be executed unchecked. This requires at least access to adjacent networks of...

8.8CVSS8.7AI score0.00371EPSS
Exploits0References6
Rows per page
Query Builder