CVE-2023-7145 | gopeak MasterLab up to 3.3.10 HTTP POST Request app/ctrl/Framework.php sqlInject pwd sql injection

Inserito da Angelo Barbosa | Dic 28, 2023 | CVE

A vulnerability classified as critical was found in gopeak MasterLab up to 3.3.10. This vulnerability affects the function sqlInject of the file app/ctrl/Framework.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection.

This vulnerability was named CVE-2023-7145. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.

CVE-2023-7145 | gopeak MasterLab up to 3.3.10 HTTP POST Request app/ctrl/Framework.php sqlInject pwd sql injection

Post correlati

CVE-2024-47293 | Huawei HarmonyOS/EMUI HAL-WIFI Module length parameter

CVE-2024-7869 | 123.chat Plugin up to 1.3.1 on WordPress cross site scripting

CVE-2024-26146 | rubygem-rack Header Parser denial of service

CVE-2024-6028 | Quiz Maker Plugin up to 6.5.8.3 on WordPress ays_questions sql injection