CVE-2023-7188 | Shipping 100 Fahuo100 up to 1.1 member/login.php M_pwd sql injection

Posted by Angelo Barbosa | Dec 30, 2023 | CVE

A vulnerability classified as critical has been found in Shipping 100 Fahuo100 up to 1.1. Affected is an unknown function of the file member/login.php. The manipulation of the argument M_pwd leads to sql injection.

This vulnerability is traded as CVE-2023-7188. The attack can only be done within the local network. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-7188 | Shipping 100 Fahuo100 up to 1.1 member/login.php M_pwd sql injection

Related Posts

CVE-2024-0219 | Progress Telerik JustDecompile prior 2024 R1 Applications Installer privileges management

CVE-2024-0857 | Universal Software FlexWater Corporate Water Management up to 18072024 sql injection

CVE-2024-27918 | Coder OIDC Authentication improper authentication

CVE-2024-7186 | TOTOLINK A3600R 4.1.2cu.5182_B20201102 /cgi-bin/cstecgi.cgi setWiFiAclAddConfig comment buffer overflow