4 matches found
CVE-2023-26454
Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could b...
CVE-2023-26452
Open-Xchange App Suite's imageconverter service is affected by an SQL injection vulnerability triggered when caching an image and returning its metadata, allowing arbitrary SQL statements to execute in the service DB user context. Exploitation requires access to adjacent networks (not exposed pub...
PT-2023-20645 · Unknown · Imageconverter Service
Name of the Vulnerable Software and Affected Versions: imageconverter service affected versions not specified Description: The issue allows requests to cache an image and return its metadata to be abused, including SQL queries that would be executed unchecked. Exploiting this requires at least...
PT-2023-20647 · Unknown · Imageconverter Service
Name of the Vulnerable Software and Affected Versions: imageconverter service affected versions not specified Description: The issue allows requests to fetch image metadata to be abused, including SQL queries that would be executed unchecked. This requires at least access to adjacent networks of...