CVE-2023-7146 | gopeak MasterLab up to 3.3.10 HTTP POST Request Feature.php sqlInjectDelete phone sql injection

Inserito da Angelo Barbosa | Dic 28, 2023 | CVE

A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. This issue affects the function sqlInjectDelete of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument phone leads to sql injection.

The identification of this vulnerability is CVE-2023-7146. Access to the local network is required for this attack. Furthermore, there is an exploit available.

CVE-2023-7146 | gopeak MasterLab up to 3.3.10 HTTP POST Request Feature.php sqlInjectDelete phone sql injection

Post correlati

CVE-2024-0551 | mintplex-labs anything-llm up to 0.0.x Export access control

CVE-2024-20069 | MediaTek MT8797 Modem downgrade (MOLY01286330)

CVE-2023-39425 | Intel DSA Software prior 23.4.33 access control (intel-sa-00969)

CVE-2023-51616 | D-Link DIR-X3260 prog.cgi SetSysEmailSettings stack-based overflow