EUVD-2023-43147

Malicious code in bioql PyPI...

CVE-2023-39423

The RDPData.dll file exposes the /irmdata/api/common endpoint that handles session IDs, among other features. By using a UNION SQL operator, an attacker can leak the sessions table, obtain the currently valid sessions and impersonate a currently logged-in user...

Code injection

The RDPData.dll file exposes the /irmdata/api/common endpoint that handles session IDs, among other features. By using a UNION SQL operator, an attacker can leak the sessions table, obtain the currently valid sessions and impersonate a currently logged-in user...

CVE-2023-39423 Improper Neutralization of Special Elements used in an SQL Command in RDPData.dll

The RDPData.dll file exposes the /irmdata/api/common endpoint that handles session IDs, among other features. By using a UNION SQL operator, an attacker can leak the sessions table, obtain the currently valid sessions and impersonate a currently logged-in user...

CVE-2023-39423

CVE-2023-39423 affects RDPData.dll, where the /irmdata/api/common endpoint processes session IDs and other features. The underlying issue is improper neutralization of SQL commands, enabling a UNION-based SQL injection that can leak the sessions table and obtain currently valid sessions, allowing...

CVE-2023-39423 Improper Neutralization of Special Elements used in an SQL Command in RDPData.dll

The RDPData.dll file exposes the /irmdata/api/common endpoint that handles session IDs, among other features. By using a UNION SQL operator, an attacker can leak the sessions table, obtain the currently valid sessions and impersonate a currently logged-in user...

PT-2023-26944 · Resort Data Processing +1 · Irm Next Generation +1

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The RDPData.dll file exposes the "/irmdata/api/common" endpoint that handles session IDs, among other features. By using a UNION SQL operator, an attacker can leak the sessions table, obta...